Loading...
Last updated: April 2026
Table of Contents
This Data Processing Agreement ("DPA") forms part of the Terms of Service between ReVoice ("The Data Processor") and the Business Customer ("The Data Controller").
By accepting the Terms of Service for a paid Business plan, or by signing a separate business contract with ReVoice, this DPA is also executed.
To deliver the Service, the Processor engages the following approved Sub-processors. The Processor shall remain fully liable to the Controller for the performance of the Sub-processors.
| Sub-processor | Service/Purpose | Location |
|---|---|---|
| OpenAI | AI Summaries & Insights | USA |
| Deepgram | Speech-to-Text Transcription | USA |
The designated providers process data exclusively via API to deliver the required functionality, and are bound (under SCCs) to not retain, log, or use customer data to train their models. Any change in Sub-processors will be notified at least 30 days in advance.
The Processor undertakes to implement appropriate Technical and Organizational Measures (TOMs) to protect personal data:
All data at rest is encrypted using industry-standard AES-256. Data in transit is enforced over TLS 1.3.
Personnel engaged by the Processor to process data are bound by strict confidentiality agreements.
If the Processor becomes aware of a personal data breach affecting the Controller's data, the Processor shall notify the Controller without undue delay, and in any event no later than 48 hours after becoming aware of the breach.
Upon termination of the Agreement, the Processor shall (at the choice of the Controller) delete or return all personal data. The Controller may export all data via the service's export function prior to closing the account. In accordance with our Data Retention Policy, audio and AI-data are deleted strictly after 30 days for free-use, or immediately upon account deletion by an Administrator.