Data Processing Addendum

Effective date: July 9, 2026

1. Parties and Scope

This Data Processing Addendum ("DPA") is entered into between:

This DPA applies to the processing of personal data, specifically customer email addresses that you upload to Dexuro Reviews for the purpose of sending review request emails. In this context, you are the data controller and Dexuro Reviews acts as a data processor on your behalf.

2. Processing Scope and Instructions

Dexuro Reviews shall process customer email addresses solely in accordance with your documented instructions and for the limited purpose of sending review request emails. We will not process such data for any other purpose, including but not limited to marketing, profiling, or analytics, without your prior written consent.

3. Processor Obligations

Dexuro Reviews commits to:

4. Subprocessors

Dexuro Reviews uses the following subprocessors to deliver the service. By using our service, you consent to the engagement of these subprocessors:

Subprocessor Purpose Region
Cloudflare Web hosting, data storage, DDoS protection USA / EU
Resend Transactional email transmission USA
Anthropic AI reply suggestions (optional feature) USA

5. Security Measures

Dexuro Reviews implements the following security measures:

6. International Data Transfers

To the extent that we transfer personal data outside the EU/EEA (including to the USA via our subprocessors), we rely on Standard Contractual Clauses (SCCs) as approved by the European Commission to provide adequate safeguards in accordance with GDPR Article 46. A copy of our SCCs is available upon request.

7. Breach Notification

If we become aware of a personal data breach, we shall notify you without undue delay and in any case within 72 hours of discovery. We will cooperate fully to help you meet your obligations to notify affected data subjects and supervisory authorities as required by law.

8. Audit and Inspection Rights

Subject to reasonable notice and confidentiality obligations, you have the right to audit our compliance with this DPA and to request documentation evidencing our adherence to the commitments herein. We may engage a qualified third-party auditor on your behalf at your expense.

9. Deletion and Return of Data

Upon termination or expiration of our agreement, we shall delete all personal data processed under this DPA or, if deletion is not possible, return such data to you. Data retained for legal or compliance reasons will be returned or securely deleted within 30 days of termination.

10. Assistance with Data Subject Rights

We will assist you in fulfilling data subject requests (such as access, rectification, erasure, portability, and objection rights) by providing relevant information or taking appropriate action within a reasonable timeframe.

11. Liability

Dexuro Reviews' liability under this DPA is limited to the extent permitted by applicable law and our Terms of Service. We are not responsible for losses arising from your breach of this DPA, your instructions, or your failure to comply with your own obligations as a data controller.

12. Governing Law

This DPA shall be governed by and construed in accordance with the laws of Hungary and the GDPR, without regard to conflict of law principles.

13. Changes to the DPA

We may update this DPA to reflect changes in our processing activities, security measures, or subprocessors. We will notify you of material changes via email or through our service dashboard.

This document is a template and does not constitute legal advice.