1. Overview
Vizuna provides a Data Processing Addendum (DPA) for enterprise customers who require GDPR-style controller/processor terms and related privacy commitments. For enterprise deployments, the customer acts as controller and Vizuna acts as processor of personal data processed through the Service.
2. Request the DPA
To request our current DPA template (including all annexes and the subprocessor list), email support@vizuna.com.
3. What it covers
- Roles and responsibilities (customer as controller, Vizuna as processor)
- Processing instructions and purpose limitation
- Security measures and confidentiality commitments
- Subprocessor management with notification and right to object
- Data subject rights request handling
- Security incident notification (within 72 hours of confirmation)
- Audit rights (paper audit by default; on-site upon demonstrated cause)
- International transfer mechanisms (Standard Contractual Clauses, UK Addendum)
- Data deletion and return on termination
4. Annexes
The DPA includes four detailed annexes:
- Annex 1 — Processing details: categories of data subjects, types of personal data, processing purposes, and retention periods.
- Annex 2 — Security measures: technical and organisational measures including encryption, access controls, and incident response.
- Annex 3 — Subprocessor list: current subprocessors with processing locations and purposes.
- Annex 4 — Transfer mechanisms: international data transfer safeguards where applicable.
5. Data retention and deletion
Vizuna retains in-product data while accounts are active to support longitudinal insights. On termination, Vizuna will delete or return customer personal data within the timeframes specified in the DPA and applicable Order Form. Enterprise customers may negotiate a custom retention schedule.