Data Processing Addendum
Data processing framework for customers using RevokeTrail to manage operational records.
Purpose
This page is a placeholder framework intended to scope a future Data Processing Addendum between RevokeTrail and customers who process personal data through the service. It is not, by itself, an executed DPA.
Roles (high level)
At a high level and subject to legal review:
- The customer / tenant is generally the controller for customer, worker, partner, and asset operational data that the tenant enters into RevokeTrail.
- RevokeTrail is generally the processor / service provider for that customer data.
- RevokeTrail may act as controller for its own account, billing, security, and support administration data.
Subject matter of processing
Access asset management, operational audit trail, customer support, and subscription billing where active.
Categories of data subjects
- Tenant users (internal company users of the customer)
- Customer contacts entered by the tenant
- Residential customers, where the tenant serves B2C end customers
- Drivers / workers entered by the tenant
- Partner contacts entered by the tenant
- Submitters of support feedback
Categories of data
- Account and contact data
- Operational access-asset records
- Site and customer fields
- Audit metadata for operational actions
- Support messages and optional screenshots
- Billing identifiers and status, where Stripe billing is active
Security posture
RevokeTrail's current product design includes:
- No real access secrets stored (no door codes, PINs, alarm codes, credential values)
- Multi-tenant isolation of operational records
- Role-based access within each tenant
- Audit logs of operational actions
- Anonymous labels and QR codes
RevokeTrail does not currently claim encryption guarantees, specific hosting region, backup regime, completed penetration testing, SOC 2, ISO 27001, MFA support, or GDPR certification.
Subprocessors
See the current draft list on the subprocessors page.
Customer instructions
Customers must not enter real access secrets (door codes, PINs, alarm codes, lockbox codes, gate codes, digital credential secrets) and must not enter sensitive personal data that is unnecessary for operational asset tracking.
Data subject requests
RevokeTrail provides operational data export and anonymization / deletion workflows as product capabilities to help tenants respond to data subject requests. These capabilities are not, by themselves, a legal guarantee of compliance.
International transfers
Placeholder pending legal review. RevokeTrail does not currently claim EU-only hosting, executed Standard Contractual Clauses, or a specific transfer mechanism.
Deletion and return of data
Placeholder pending legal review. Final terms for retention, deletion, and return of customer data on termination will be defined in the executed DPA.
Contact
For DPA inquiries, reach the RevokeTrail support team:
help at revoketrail dot comOperating company
RevokeTrail is operated by Baltic Vendor Management OÜ, an Estonian private limited company registered in the European Union.
- Platform
- RevokeTrail
- Operator
- Baltic Vendor Management OÜ
- Legal form
- Estonian private limited company (osaühing)
- Registry code
- 14157774
- D-U-N-S
- 521910092
- VAT
- EE102226148
- Jurisdiction
- Estonia, European Union
Preliminary legal information. Final contractual terms may be provided separately.