RevDock

Data Processing Agreement

Last updated: December 13, 2025

This Data Processing Agreement ("DPA") is between RevDock and you, the customer. It forms part of the Terms of Service and explains how we handle data on your behalf.

1. Key Terms

  • Controller – That's you. You decide what data to collect and why (your visitors, your website).
  • Processor – That's us, RevDock. We process data only to provide our widget services.
  • Subprocessor – Vendors we use to help process data (e.g., hosting providers).

2. Scope of Processing

When you add the RevDock script to your website, we collect visitor information to power our widgets:

  • IP address (to determine visitor location for parity pricing)
  • Browser type and device info
  • Page activity and widget interactions

We process data only to provide you with widget functionality. We never use your data for our own marketing. We never sell or share your data with third parties.

3. Your Responsibilities

As the data controller, you are responsible for:

  • Cookie Consent: Displaying a cookie consent banner where required by law (GDPR, ePrivacy, etc.)
  • Privacy Notice: Informing your visitors about data collection in your privacy policy
  • User Requests: Handling data access, deletion, or other requests from your visitors

4. Our Responsibilities

As the data processor, we will:

  • Process data only according to your instructions
  • Keep data secure and confidential
  • Assist you in meeting your data protection obligations, within reason

5. Data Retention

  • Account data: Kept until you delete your account
  • Visitor data: Retained to provide widget functionality

You can request deletion at any time by contacting us.

6. Subprocessors

We use the following trusted vendors to process data:

  • Vercel (hosting)
  • PostgreSQL database providers
  • Stripe (payments)

We may add or replace subprocessors and will update this page.

7. International Data Transfers

Our infrastructure may be located outside the EU, including in the United States. We rely on our subprocessors' compliance with applicable laws (including GDPR Standard Contractual Clauses) to safeguard these transfers.

8. Security

We implement the following security measures:

  • Encryption in transit via HTTPS
  • Access controls – only you can access your data
  • Secure hosting with reputable vendors
  • Regular backups

9. Contact

Questions about this DPA? Email us at imad@getrevdock.com

By using RevDock, you agree to this Data Processing Agreement.