1. Definitions
Data Controller: The client company using VOZFEED
Data Processor: VOZFEED
Personal Data: Any information relating to an identified or identifiable person
Processing: Any operation performed on Personal Data
Sub-processor: Third parties that process Personal Data on behalf of VOZFEED
Data Protection Laws: GDPR, CCPA, Argentina Law 25.326, and other applicable laws
2. Scope and Role
2.1 Role of Parties
VOZFEED acts as a Data Processor on behalf of the Data Controller (the client company) for Personal Data processed through the Service.
2.2 Data Processed
- Voice audio recordings
- Review transcriptions
- Text reviews
- Reviewer names (when provided)
- Email addresses (when provided with consent)
- Usage data and metrics
2.3 Purpose of Processing
To provide review collection, transcription, analysis, and management services as configured by the Data Controller.
3. Processor Obligations
3.1 Processing According to Instructions
VOZFEED will process Personal Data only according to the documented instructions of the Data Controller, unless required by applicable law.
3.2 Confidentiality
All VOZFEED personnel with access to Personal Data are subject to confidentiality obligations.
3.3 Security
VOZFEED implements appropriate technical and organizational measures to protect Personal Data:
Technical Measures:
- TLS 1.3 encryption in transit
- AES-256 encryption at rest
- Secure authentication
- Role-based access control
- Automated encrypted backups
- 24/7 security monitoring
Organizational Measures:
- Documented security policies
- Regular staff training
- Incident response procedures
- Periodic risk assessments
3.4 Sub-processors
VOZFEED may engage Sub-processors to process Personal Data. The Data Controller authorizes the use of the following Sub-processors:
Groq AI
- Purpose: Audio transcription and AI analysis
- Location: United States
- Safeguards: Data processing agreement, encryption
Cloudinary
- Purpose: Secure audio file storage
- Location: Multiple regions
- Safeguards: Encryption at rest, access controls
Vercel
- Purpose: Application hosting and infrastructure
- Location: Multiple regions
- Safeguards: Encryption, access controls, SOC 2 compliance
VOZFEED will notify the Data Controller of any changes to Sub-processors at least 30 days in advance.
3.5 Assistance to Controller
VOZFEED will assist the Data Controller in:
- Responding to data subject rights requests
- Complying with security obligations
- Conducting data protection impact assessments
- Notifying data breaches
3.6 Breach Notification
VOZFEED will notify the Data Controller without undue delay (within 72 hours) after becoming aware of a Personal Data breach.
4. Controller Obligations
4.1 Lawful Instructions
The Data Controller warrants that its processing instructions comply with applicable Data Protection Laws.
4.2 Consent
The Data Controller is responsible for obtaining all necessary consents from data subjects for the collection and processing of Personal Data.
4.3 Legal Basis
The Data Controller warrants having a valid legal basis for processing Personal Data.
5. Data Subject Rights
5.1 Requests
The Data Controller is responsible for responding to data subject rights requests. VOZFEED will provide reasonable assistance.
5.2 Tools
VOZFEED provides tools for the Data Controller to:
- Export data in CSV format
- Delete specific reviews or campaigns
- Access all collected data
6. International Transfers
6.1 Transfer Mechanisms
For data transfers outside the EEA, VOZFEED uses:
- EU Standard Contractual Clauses
- Transfer impact assessments
- Additional security measures
6.2 Safeguards
VOZFEED implements appropriate technical, organizational, and contractual safeguards to protect Personal Data transferred internationally.
7. Audits and Inspections
7.1 Right to Audit
The Data Controller may audit VOZFEED's compliance with this DPA, subject to:
- Reasonable notice (at least 30 days)
- Reasonable frequency (no more than once per year)
- Confidentiality obligations
- Reasonable costs
7.2 Certifications
VOZFEED may provide third-party compliance certifications in lieu of on-site audits.
8. Data Retention and Deletion
8.1 Retention
VOZFEED retains Personal Data according to the Data Controller's instructions and applicable legal requirements.
8.2 Deletion
Upon termination of the Service, VOZFEED will:
- Delete or return all Personal Data
- Delete existing copies (subject to legal requirements)
- Certify deletion in writing
8.3 Deletion Period
- Primary data: Deleted within 30 days
- Backups: Deleted within 90 days
- Legal exceptions: Retained as required by law
9. Liability and Indemnification
9.1 Liability
VOZFEED is liable to the Data Controller for damages caused by breaches of this DPA, subject to limitations in the Terms of Service.
9.2 Indemnification
VOZFEED will indemnify the Data Controller for claims arising from VOZFEED's violations of Data Protection Laws.
10. Term and Termination
10.1 Term
This DPA remains in effect while VOZFEED processes Personal Data on behalf of the Data Controller.
10.2 Termination
This DPA terminates automatically upon termination of the Service.
10.3 Survival
Confidentiality, data deletion, and indemnification obligations survive termination.
11. General Provisions
11.1 Order of Precedence
In case of conflict between this DPA and the Terms of Service, this DPA prevails on data protection matters.
11.2 Modifications
VOZFEED may update this DPA to reflect changes in laws or practices. Material changes will be notified 30 days in advance.
11.3 Governing Law
This DPA is governed by the same laws as the Terms of Service.
12. Contact
For questions about this DPA:
Email: dpo@vozfeed.com
Subject: "DPA Inquiry"
Website: https://vozfeed.com
By using VOZFEED, the Data Controller accepts the terms of this Data Processing Agreement.