Data Processing Addendum

Data processing framework for customers using RevokeTrail to manage operational records.

Purpose

This page is a placeholder framework intended to scope a future Data Processing Addendum between RevokeTrail and customers who process personal data through the service. It is not, by itself, an executed DPA.

Roles (high level)

At a high level and subject to legal review:

  • The customer / tenant is generally the controller for customer, worker, partner, and asset operational data that the tenant enters into RevokeTrail.
  • RevokeTrail is generally the processor / service provider for that customer data.
  • RevokeTrail may act as controller for its own account, billing, security, and support administration data.

Subject matter of processing

Access asset management, operational audit trail, customer support, and subscription billing where active.

Categories of data subjects

  • Tenant users (internal company users of the customer)
  • Customer contacts entered by the tenant
  • Residential customers, where the tenant serves B2C end customers
  • Drivers / workers entered by the tenant
  • Partner contacts entered by the tenant
  • Submitters of support feedback

Categories of data

  • Account and contact data
  • Operational access-asset records
  • Site and customer fields
  • Audit metadata for operational actions
  • Support messages and optional screenshots
  • Billing identifiers and status, where Stripe billing is active

Security posture

RevokeTrail's current product design includes:

  • No real access secrets stored (no door codes, PINs, alarm codes, credential values)
  • Multi-tenant isolation of operational records
  • Role-based access within each tenant
  • Audit logs of operational actions
  • Anonymous labels and QR codes

RevokeTrail does not currently claim encryption guarantees, specific hosting region, backup regime, completed penetration testing, SOC 2, ISO 27001, MFA support, or GDPR certification.

Subprocessors

See the current draft list on the subprocessors page.

Customer instructions

Customers must not enter real access secrets (door codes, PINs, alarm codes, lockbox codes, gate codes, digital credential secrets) and must not enter sensitive personal data that is unnecessary for operational asset tracking.

Data subject requests

RevokeTrail provides operational data export and anonymization / deletion workflows as product capabilities to help tenants respond to data subject requests. These capabilities are not, by themselves, a legal guarantee of compliance.

International transfers

Placeholder pending legal review. RevokeTrail does not currently claim EU-only hosting, executed Standard Contractual Clauses, or a specific transfer mechanism.

Deletion and return of data

Placeholder pending legal review. Final terms for retention, deletion, and return of customer data on termination will be defined in the executed DPA.

Contact

For DPA inquiries, reach the RevokeTrail support team:

help at revoketrail dot com

Operating company

RevokeTrail is operated by Baltic Vendor Management OÜ, an Estonian private limited company registered in the European Union.

Platform
RevokeTrail
Operator
Baltic Vendor Management OÜ
Legal form
Estonian private limited company (osaühing)
Registry code
14157774
D-U-N-S
521910092
VAT
EE102226148
Jurisdiction
Estonia, European Union

Preliminary legal information. Final contractual terms may be provided separately.