DATA PROCESSING AGREEMENT (DPA)

Last updated May 09, 2026
Повідомлення про мову: Цей документ складено англійською мовою. Користуючись Сервісом, ви погоджуєтеся з тим, що саме англійська версія є юридично обов'язковою угодою. Будь-які переклади, надані в інтерфейсі додатка, призначені виключно для зручності.

This Data Processing Agreement ("DPA") forms an integral part of the Terms of Service between FOP Zandhaim Vladyslav Edvardovych ("Rekeep", "Processor", "we", "us") and you or the entity you represent ("Customer", "Controller", "you").

By using the Rekeep recurring SMS messaging service ("Service"), you agree to the terms of this DPA. This document outlines our mutual obligations regarding the processing of personal data in compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR").

Strictly Service-Oriented Processing: We will process your personal data only on your documented instructions and exclusively for the purpose of providing the Rekeep Service. We do not, and will never, sell your personal data or your customers' data to third parties.

1. Roles, Scope, and International Transfers

For the purposes of the GDPR, you are the Data Controller of the personal data you upload to the Service, and Rekeep is the Data Processor. Our primary servers and databases are located securely within the European Union (Frankfurt, Germany).

If the engagement of a Sub-processor involves the transfer of personal data outside the European Economic Area (EEA) to a country not recognized by the European Commission as providing an adequate level of protection, such transfers shall be governed by the Standard Contractual Clauses (SCCs) approved by the European Commission.

2. Sub-processors

You grant us general authorization to engage the Sub-processors listed in Annex III to assist in providing the Service. We ensure that any Sub-processor we engage is bound by written data protection obligations equivalent to those in this DPA. We will notify you of any intended changes concerning the addition or replacement of Sub-processors.

3. Security Measures & Data Breaches

Rekeep implements appropriate technical and organizational measures (detailed in Annex II) to ensure a level of security appropriate to the risk. In the event of a confirmed Personal Data Breach affecting your data, Rekeep will notify you without undue delay.

4. Deletion of Data

Upon termination or expiration of your account, Rekeep will delete all personal data processed on your behalf, unless applicable laws require further storage.

ANNEX I: Details of Processing

Subject Matter & Nature

Storing contact lists, scheduling, and routing SMS messages.

Data Subjects

The Controller's end-customers, clients, or prospects.

Categories of Data

Names, Phone Numbers, Custom Tags

Duration

Duration of the active Terms of Service agreement.

ANNEX II: Technical and Organizational Measures (TOMs)

Rekeep utilizes modern, secure-by-default architecture built on the Elixir/Phoenix framework. Our security measures include, but are not limited to:

  • Data Encryption: All data in transit is encrypted using TLS 1.2 or higher. Data at rest is encrypted by our database provider (Neon).
  • Secure Authentication: Rekeep employs Passwordless/Magic Link authentication, eliminating the risk of weak or compromised passwords.
  • Framework Protections: Our application strictly utilizes parameterized database queries to prevent SQL injection, alongside built-in CSRF (Cross-Site Request Forgery) protection and secure, HTTP-only session cookies.
  • Infrastructure Security: Application environments are logically isolated. Database access is strictly restricted to authorized services and personnel.

ANNEX III: Authorized Sub-processors

Sub-processor Service Provided Location
Fly.io, Inc. Cloud Application Hosting Frankfurt, Germany (EU)
Neon, Inc. Serverless Database (Postgres) Frankfurt, Germany (EU)
Resend, Inc. Transactional Emails (System alerts) USA / Global
Twilio Inc. / SMS.to SMS Gateway & Delivery Routing USA / EU / Global