LoginBook a demo
LoginBook a demo

Processing and Protecting Personal Data at DevRev

At DevRev, we’re committed to maintaining the highest standards of data protection and transparency. Our Data Processing Agreement (DPA) outlines the ways we handle and safeguard the personal data you entrust to us while using the DevRev Service. This agreement forms part of our service terms, ensuring that your information is managed in accordance with applicable data privacy laws and best practices.

Want to obtain the text of the DevRev Data Processing Agreement (DPA)?

Please reach out to us at humansofdevrev@devrev.ai to obtain a copy of our Data Processing Agreement.

A copy of the Data Processing Agreement shall also be made available to you during initial sign-up.

If you are already a user you can find the Data Processing Agreement in the user dashboard.

Why do you need to sign a Data Processing Agreement with us?

By providing the DevRev service to businesses who have set up a user account with us and use our service and its features in connection with their own websites, web-stores and other digital products, DevRev is acting as the “processor” of certain personal data that might get collected and stored in connection with the service, while each individual DevRev user acts as the “controller” of such data, as defined by the GDPR in Article 28.

In simplified terms, our systems collect, store and otherwise process some of the data that might belong to your employees, end customers or other individuals that interact with our services, when you have integrated or otherwise deployed them for your own use.

We process this data on “contractual grounds” (namely the Terms of Service and Data Processing Agreement you accept when signing up for our service) in order to offer you and your end-users our services.

What’s in the DevRev Data Processing Agreement?

The DPA has been drafted in line with Article 28 of the GDPR and includes:

  • Roles and Responsibilities: Details on DevRev’s role as a data processor and your role as a data controller.
  • Data Protection Measures: An overview of the technical and organizational measures we implement to keep your data secure, such as encryption, access controls, and regular security audits.
  • Data Subject Rights: Information on how we support you in responding to requests from individuals to exercise their rights under data protection laws.
  • Data Transfer: Terms regarding international data transfers, ensuring compliance with GDPR and other regulatory frameworks.
  • Subprocessors: A list of any third parties we partner we engage in order to process data on your behalf, as well as explanations on how such parties safeguard your data.
  • Standard Contractual clauses and other country specific clauses: Our DPA also includes the EU Commission's Standard Contractual clauses and other country specific clauses for transferring and processing data outside of the EEA, UK and USA.

How does DevRev handle International Data transfers?

At DevRev, we understand the importance of securely managing international data transfers in compliance with global data privacy laws. To support this commitment, we use industry-standard frameworks and legal instruments to facilitate the lawful and secure transfer of personal data across borders.

EU Standard Contractual Clauses (SCCs)

For data transfers involving EU-based users, DevRev relies on the EU Standard Contractual Clauses (SCCs). These clauses, approved by the European Commission, provide contractual safeguards to ensure that personal data transferred outside the European Economic Area (EEA) is adequately protected, even when transferred to countries that may not offer an equivalent level of data protection.

UK-Specific Clauses

Following Brexit, we also apply tailored safeguards for personal data transferred from the United Kingdom. We leverage the UK’s International Data Transfer Addendum to the EU SCCs, which ensures compliance with UK-specific data transfer requirements and aligns with the standards established by the UK’s Information Commissioner’s Office (ICO).

United States Data Transfer Mechanisms

For personal data transfers to the United States, DevRev employs recognized contractual frameworks and implements additional measures, as necessary, to safeguard your information in accordance with evolving U.S. data protection guidelines. We work to align with relevant standards and best practices to address regulatory considerations around cross-border data transfers.

What about Personal Data use by AI systems?

The DevRev Data Processing Agreement also includes clauses and protective measures for when our systems (or the systems of our subprocessors) might include machine learning or other AI processing.

Is concluding the DevRev Data Processing Agreement enough?

The data of your company as well as other information on the processing of personal data in connection with your use of the DevRev services must always be available to end-users at the time they entrust their personal data to you (e.g. when your end-users interact with the DevRev live chat feature you have deployed on your website). According to the GDPR, the disclosure of this information as well as the responsibility for the lawfulness of processing thus performed is the responsibility of each individual user acting as a “data controller”.

You should thereby consult your legal counsel and draft your own privacy policy in a way that meets the requirements of Article 13 of the GDPR as well as any other specific local legal requirements.

What about data security?

We have implemented industry standard organisational and other security like SOC-II certification to keep your data safe.

You can find out more about the security measures we employ by following this link.

Reach out to us with any additional questions.

Should you have any additional questions about privacy and data processing at DevRev, our data protection office will be happy to help you and can be reached at dpo@devrev.ai