VUEPAK DATA PROCESSING AGREEMENT

July 18, 2025

This Data Processing Agreement ("DPA") supplements and forms part of the Vuepak Terms of Service ("Agreement") between Vuepak, Inc. ("Vuepak," "we," "us," or "our") and the customer ("Customer," "you," or "your"). This DPA governs the processing of Personal Data by Vuepak on behalf of Customer in connection with the Vuepak Services.

1. DEFINITIONS

  1. 1.1 "Affiliate" means any entity that directly or indirectly controls, is controlled by, or is under common control with a party.
  2. 1.2 "Controller" means the entity that determines the purposes and means of processing Personal Data.
  3. 1.3 "Data Subject" means an identified or identifiable natural person to whom Personal Data relates.
  4. 1.4 "GDPR" means the General Data Protection Regulation (EU) 2016/679.
  5. 1.5 "Personal Data" means any information relating to an identified or identifiable natural person that Customer uploads, submits, or transmits through the Services, including contact information, email addresses, and any other data that constitutes personal data under applicable Data Protection Laws.
  6. 1.6 "Data Protection Laws" means all applicable laws, regulations, and binding guidance relating to data protection and privacy, including without limitation the GDPR, UK Data Protection Act 2018, California Consumer Privacy Act (CCPA), and other applicable privacy laws.
  7. 1.7 "Processor" means the entity that processes Personal Data on behalf of the Controller.
  8. 1.8 "Services" means the Vuepak platform and related services as described in the Agreement.
  9. 1.9 "Sub-processor" means any third party engaged by Vuepak to process Personal Data on behalf of Customer.

2. DATA PROCESSING ROLES

  1. 2.1 Controller and Processor Relationship. Customer is the Controller of Personal Data and determines the purposes and means of processing. Vuepak is the Processor and processes Personal Data solely on behalf of and according to Customer's documented instructions.

    Important Note: Unlike some sales and marketing platforms, Vuepak does not maintain its own contact database or sell lead data to customers. Vuepak only processes Personal Data that Customer uploads or creates through the Services.

  2. 2.2 Customer Responsibilities. Customer warrants that:
    • It has the legal basis for processing Personal Data and for instructing Vuepak to process Personal Data
    • It has provided all necessary notices and obtained all necessary consents for the processing of Personal Data
    • Its instructions comply with applicable Data Protection Laws
    • It will respond to Data Subject requests and regulatory inquiries as required by law
  3. 2.3 Vuepak Responsibilities . Vuepak will:
    • Process Personal Data only in accordance with Customer's documented instructions
    • Implement appropriate technical and organizational security measures
    • Assist Customer in responding to Data Subject requests where feasible
    • Notify Customer of any Personal Data breaches without undue delay

3. PROCESSING INSTRUCTIONS

  1. 3.1 Permitted Processing. Vuepak will process Personal Data only:
    • To provide the Services as described in the Agreement
    • As necessary for compliance with legal obligations
    • As documented in this DPA
    • As further instructed by Customer through the Services or in writing
  2. 3.2 Processing Activities. Vuepak may process Personal Data for the following purposes:
    • Storing and organizing contact lists and Customer Data
    • Delivering email campaigns and text messages
    • Creating and managing multimedia presentations (Packages)
    • Managing automation workflows (Sequences)
    • Providing analytics and engagement tracking
    • Providing customer support
    • Ensuring platform security and functionality
  3. 3.3 Prohibited Processing. Vuepak will not:
    • Sell, rent, or otherwise commercialize Personal Data
    • Process Personal Data for its own business purposes beyond providing the Services
    • Combine Personal Data with data from other customers
    • Use Personal Data for marketing to Data Subjects without Customer's explicit consent

4. DATA SECURITY

  1. 4.1 Security Measures. Vuepak implements appropriate technical and organizational measures to protect Personal Data, including:
    • Encryption of data in transit (HTTPS/TLS)
    • Strict access controls and authentication mechanisms (authorized users only)
    • Encrypted Vuepak IDs for API communications
    • Regular security assessments and updates
    • Employee training on data protection
    • Network security and monitoring
    • Secure data deletion procedures
  2. 4.2 Security Standards. Vuepak maintains security measures designed to protect against unauthorized access, disclosure, alteration, or destruction of Personal Data.
  3. 4.3 Security Incidents. Vuepak will notify Customer without undue delay upon becoming aware of any Personal Data breach that affects Customer's Personal Data, providing available information about the nature of the breach and recommended mitigation steps.

5. SUB-PROCESSORS

  1. 5.1 Authorized Sub-processors. Customer consents to Vuepak's use of Sub-processors for the following categories:
    • Cloud hosting and infrastructure providers
    • Email and SMS delivery services
    • Customer support platforms
    • Analytics and monitoring services
    • Security and backup services
  2. 5.2 Sub-processor Requirements. Vuepak ensures that any Sub-processor:
    • Is bound by data protection obligations equivalent to those in this DPA
    • Implements appropriate security measures
    • Provides adequate guarantees regarding data protection
  3. 5.3 Sub-processor Changes. Vuepak will provide reasonable notice of any new Sub-processors or changes to existing Sub-processors through updates to our privacy policy or direct communication.

6. INTERNATIONAL TRANSFERS

  1. 6.1 Transfer Basis. Personal Data may be transferred to and processed in the United States and other countries where Vuepak or its Sub-processors operate.
  2. 6.2 Transfer Safeguards. For transfers subject to GDPR or other applicable laws requiring adequate safeguards, Vuepak implements appropriate safeguards such as:
    • Standard Contractual Clauses approved by the European Commission (available upon request)
    • Adequacy decisions by relevant authorities
    • Other legally recognized transfer mechanisms
  3. 6.3 Standard Contractual Clauses. Where required for international transfers, the Standard Contractual Clauses (Controller to Processor) approved by the European Commission shall apply and are incorporated by reference into this DPA. The completed annexes are available upon request.

7. DATA SUBJECT RIGHTS

  1. 7.1 Customer Obligations. Customer is primarily responsible for responding to Data Subject requests. Vuepak will provide reasonable assistance to Customer in fulfilling its obligations to respond to requests from Data Subjects.
  2. 7.2 Vuepak Assistance. Upon Customer's request, Vuepak will:
    • Provide access to Personal Data within our control
    • Assist with data portability requests where technically feasible
    • Correct or delete Personal Data as instructed by Customer
    • Restrict processing as directed by Customer

8. DATA RETENTION AND DELETION

  1. 8.1 Data Retention. Vuepak retains Personal Data only for as long as necessary to provide the Services and as instructed by Customer.
  2. 8.2 Data Deletion. Upon termination of the Agreement:
    • Customer Data will be deleted immediately for paid subscribers upon termination
    • Customer Data will be deleted 14 days after expiration for Free Trial users
    • Customer may request earlier deletion by contacting support
    • Data in backups and replicas will age out of the system as part of our data lifecycle management
  3. 8.3 Legal Retention. Vuepak may retain Personal Data longer if required by applicable law or legitimate business purposes (such as backup recovery), but will cease active processing.

9. AUDITS AND COMPLIANCE

  1. 9.1 Compliance Monitoring. Vuepak regularly monitors compliance with this DPA and applicable Data Protection Laws.
  2. 9.2 Audit Rights. Upon reasonable notice and subject to confidentiality obligations, Customer may audit Vuepak's compliance with this DPA once per year, or Vuepak may provide industry-standard audit reports or certifications.

10. LIABILITY AND INDEMNIFICATION

  1. 10.1 Limitation of Liability. Each party's liability under this DPA is subject to the limitation of liability provisions in the Agreement.
  2. 10.2 Indemnification. Customer will indemnify Vuepak against claims arising from Customer's violation of Data Protection Laws or this DPA.

11. TERM AND TERMINATION

  1. 11.1 Term. This DPA remains in effect for the duration of the Agreement.
  2. 11.2 Survival. Data protection obligations survive termination until all Personal Data is deleted or returned.

12. GENERAL PROVISIONS

  1. 12.1 Conflict. In case of conflict between this DPA and the Agreement, this DPA prevails with respect to data protection matters.
  2. 12.2 Amendments. This DPA may be amended only in writing or through updates to our Terms of Service with appropriate notice.
  3. 12.3 Governing Law. This DPA is governed by the same law as the Agreement, except where Data Protection Laws require otherwise.
  4. 12.4 Contact Information. For data protection inquiries, contact:



    Privacy Officer
    Vuepak, Inc.
    13506 Summerport Village Pky. #342
    Windermere, FL 34786
    Contact: Use our Contact Us form.