1. Scope and roles
Client is the data controller. RVLS is the data processor. This DPA applies to any personal data RVLS processes to deliver the services described in the underlying agreement.
2. Nature and purpose of processing
RVLS processes personal data solely to provide the contracted services — building, operating, and supporting client software. We do not sell, share, or use client data for our own purposes.
3. Sub-processors
We use a limited set of vetted infrastructure and productivity sub-processors. A current list is available on request and updated with 30 days' notice before adding a material new sub-processor.
4. Security measures
RVLS maintains commercially reasonable administrative, physical, and technical safeguards as described on our security page.
5. Data subject rights
RVLS assists the client in responding to verified data subject requests within the timelines required by applicable law.
6. Return and deletion
On termination, RVLS returns or deletes personal data at client direction within 30 days, subject to any legal retention obligations.
7. International transfers
Where personal data is transferred outside its country of origin, RVLS relies on standard contractual clauses and equivalent lawful transfer mechanisms.
Ready to scope your build?
NDA-first intake. Senior-only teams. Production-ready increments every sprint.