DPA (Processing Agreement)

Table of Contents

1. Parties
2. Purpose and Nature of Processing
3. Sub-processors
4. Security and Confidentiality
5. Personal Data Breaches
6. Return and Deletion

1. Parties

This Data Processing Agreement ("DPA") forms part of the Terms of Service between TechServices IT AB, company reg. no. 559450-2881, operating the ReVoice service ("The Data Processor"), and the Business Customer ("The Data Controller").

By accepting the Terms of Service for a paid Business plan, or by signing a separate business contract with ReVoice, this DPA is also executed.

For Enterprise customers requiring a manually signed DPA document, please contact privacy@re-voice.io to receive a PDF version.

2. Purpose and Nature of Processing

Purpose: To provide voice transcription, analysis, summaries, and related tools via the ReVoice platform.
Categories of Data: Audio recordings, text transcripts, voice characteristics, and user account details.
Categories of Data Subjects: The Customer's employees, external meeting participants, clients, or other parties occurring in the Customer's recordings.

3. Sub-processors

To deliver the Service, the Processor engages carefully selected sub-processors for purposes including cloud storage, hosting, speech-to-text, AI processing, text-to-speech, meeting assistance, email delivery, and payment processing. The Processor shall remain fully liable to the Controller for the performance of its sub-processors.

Sub-processors process personal data solely to deliver their respective function and are bound by written agreements (including Standard Contractual Clauses where required) that prohibit them from retaining, logging, or using customer data to train their own models. A current and complete list of approved sub-processors is provided to the Controller on request. Any addition or change of sub-processor will be notified at least 30 days in advance, during which the Controller has the right to object.

4. Security and Confidentiality

The Processor undertakes to implement appropriate Technical and Organizational Measures (TOMs) to protect personal data:

All data at rest is encrypted using industry-standard AES-256. Data in transit is enforced over TLS 1.3.

Personnel engaged by the Processor to process data are bound by strict confidentiality agreements.

5. Personal Data Breaches

If the Processor becomes aware of a personal data breach affecting the Controller's data, the Processor shall notify the Controller without undue delay, and in any event no later than 48 hours after becoming aware of the breach.

6. Return and Deletion

Upon termination of the Agreement, the Processor shall (at the choice of the Controller) delete or return all personal data. The Controller may export all data via the service's export function prior to closing the account. In accordance with our Data Retention Policy, audio and AI-data are deleted strictly after 30 days for free-use, or immediately upon account deletion by an Administrator.