BuildByRavi CRM Back to home

Legal

Data Processing Addendum

Last updated: June 18, 2026

This Data Processing Addendum (“DPA”) forms part of the Terms of Service between BuildByRavi CRM (“Processor”) and the Customer (“Controller”) where Customer Data includes personal data subject to applicable data-protection laws (including GDPR, UK GDPR, and CCPA).

1. Definitions

Capitalized terms not defined here have the meaning given in the Terms of Service or in applicable data-protection laws. “Personal Data”, “Processing”, “Controller”, “Processor”, and “Data Subject” have the meanings given in Article 4 of the GDPR.

2. Roles of the parties

For Personal Data uploaded to the Service, the Customer is the Controller and BuildByRavi is the Processor. BuildByRavi processes Personal Data only on documented instructions from the Customer.

3. Processing details

  • Subject matter: provision of the CRM Service.
  • Duration: the term of the Customer's subscription plus the post-termination retention period.
  • Nature and purpose: storage, retrieval, and processing of CRM-related data.
  • Categories of Data Subjects: Customer's employees, contacts, leads, prospects, and end users.
  • Categories of Personal Data: identification data (name, email, phone), professional data (title, company), communication metadata.

4. Subprocessors

BuildByRavi engages subprocessors only with the Customer's general written authorization. A current list is available on request. We will notify the Customer of any intended changes at least 30 days in advance and give the Customer the right to object.

5. Security measures

  • Encryption in transit (TLS 1.2+) and at rest where applicable.
  • Access controls with least-privilege roles.
  • Password hashing using scrypt.
  • Regular security reviews and dependency updates.
  • Backups and recovery procedures.

6. Data subject requests

BuildByRavi will assist the Customer in responding to requests from Data Subjects to exercise their rights (access, rectification, erasure, restriction, portability, objection) by providing relevant tooling and, where necessary, reasonable cooperation.

7. Personal data breaches

BuildByRavi will notify the Customer without undue delay (and in any case within 72 hours) after becoming aware of a Personal Data Breach affecting the Customer's data, and will provide all information reasonably required for the Customer to meet its notification obligations.

8. International transfers

Where Personal Data is transferred outside the EEA / UK / Switzerland, BuildByRavi relies on Standard Contractual Clauses (SCCs) and equivalent UK/Swiss addenda.

9. Audits

The Customer may, no more than once per year and with at least 30 days' notice, audit BuildByRavi's compliance with this DPA, subject to reasonable confidentiality and access restrictions.

10. Return or deletion

Upon termination of the Service, BuildByRavi will, at the Customer's choice, delete or return all Personal Data within 30 days unless retention is required by law.

11. Contact

To execute this DPA or for related inquiries, email [email protected].

Terms of ServicePrivacy PolicyCookie PolicyDPAAcceptable UseRefund Policy