Data Processing Addendum (DPA)

1. Scope

This DPA applies when ReviewSentinel processes personal data on behalf of a business customer in connection with the service.

2. Roles

Customer acts as controller for customer personal data. ReviewSentinel acts as processor for that data when processing on customer instructions.

3. Processing Details

• Subject matter: delivery of app-review monitoring, routing, and related support.
• Duration: for the term of the service and applicable retention periods.
• Nature/purpose: storing configuration, routing reviews, and posting notifications.
• Data categories: workspace metadata, channel/destination metadata, app/review metadata, billing metadata.
• Data subjects: customer workspace users and public app-review authors.

4. Processor Obligations

• Process data only on documented customer instructions.
• Ensure confidentiality obligations for authorized personnel.
• Implement appropriate technical and organizational security measures.
• Assist customer with data-subject requests where required.
• Notify customer without undue delay of relevant personal data incidents.

5. Subprocessors

Customer authorizes use of subprocessors required to provide the service. Current subprocessors are listed in the Trust Center.

Material subprocessor changes will be reflected in the Trust Center and this DPA page.

6. International Transfers

Where data is transferred internationally, ReviewSentinel and its providers apply safeguards appropriate to the transfer context under applicable law.

7. Return/Deletion

Upon termination, customer may request deletion of customer personal data, subject to legal retention obligations and limited technical backups.

8. Contact

For DPA requests, signed copies, or compliance questions, contact support@reviewsentinel.app.