Data Processing Agreement
This Data Processing Agreement ("DPA") details the rights and obligations of the parties concerning the processing of Personal Data in connection with Reviewlee's services. It forms part of the Reviewlee Terms of Service.
GDPR Compliance (Article 28)
Reviewlee processes Personal Data solely on behalf of the Customer (Data Controller) and in accordance with their documented instructions. We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
Authorized Subprocessors
To provide our services, we use the following third-party processors. We maintain data processing agreements with each subprocessor.
- Amazon Web Services (AWS) - Cloud Infrastructure Hosting (USA, EU)
- Stripe - Payment Processing (USA)
- Postmark - Transactional Emails (USA)
- Neon - Database Infrastructure (USA, EU)
Data Flow & Transfer
Data is encrypted in transit using TLS 1.3 and at rest using AES-256. Cross-border transfers are protected by Standard Contractual Clauses (SCCs) where applicable.
Data Subject Rights
We provide tools to assist Customers in fulfilling their obligations to respond to requests for exercising Data Subject rights, including access, rectification, erasure, and portability.