Infrastructure Protection
DATA PROCESSING (DPA).
This Data Processing Addendum (DPA) defines the relationship between the Controller (the Client) and Revstackr Ltd (the Processor). It forms part of the Master Agreement hosted at revstackr.co.uk/terms.
01 Data Protection Framework
This DPA satisfies the requirements of Article 28 of the UK GDPR. RevStackr processes Personal Data solely on the documented instructions of the Controller to provide the Services defined in the Master Agreement.
05 Technical Security (TOMs)
Taking into account the institutional nature of our partner data, RevStackr implements technical and organisational measures (TOMs) to ensure a level of security appropriate to the risk, including:
- AES-256 Encryption at rest.
- TLS 1.2+ Encryption in transit.
- Strict role-based access control (RBAC).
- Comprehensive audit logging and telemetry.
08 Rapid Breach Notification
48-Hour Protocol: RevStackr will notify the Controller without undue delay, and in any event within 48 hours, after becoming aware of a Personal Data Breach affecting Controller data. This notification will include the nature of the incident and initial mitigation steps.
S1 Schedule 1: Processing Details
Processing required to provide the RevStackr Operating System, including lead management and automated follow-up logic.
The Term of the Agreement plus 30 days post-termination for data export and preservation.
Names, contact details (email/phone), communication logs, and property-specific lead metadata.
10 International Safeguards
Transfers of data outside the UK (e.g., to our upstream infrastructure providers in the USA) are governed by the UK Addendum to the EU Standard Contractual Clauses (SCCs) or the UK extension to the Data Privacy Framework.
11 Termination & Purge Protocol
Upon termination, we retain data for 30 days to allow for export or reactivation. Following this period, all production data is purged from our systems, subject to legal retention requirements for financial and contract records.
