top of page

Home

Data Processing Addendum (DPA)

RevsSpace Data Processing Addendum (DPA)

(GDPR & DPDP Act Aligned)


Last updated: 15-Jan-2026

This Data Processing Addendum (“DPA”) forms part of the RevsSpace Terms & Conditions and applies where RevsSpace processes Personal Data on behalf of a customer.

This DPA is intended to satisfy:

  • Article 28 of the GDPR

  • India’s Digital Personal Data Protection Act, 2023 (DPDP Act)

 

1. Parties & Scope

This DPA is entered into between:

  • Customer (acting as Data Controller / Data Fiduciary), and

  • RevsSpace (acting as Data Processor)

This DPA applies to all Personal Data processed by RevsSpace on behalf of the Customer in connection with the Services.

 

2. Roles & Responsibilities

  • The Customer determines the purposes and means of processing Personal Data.

  • RevsSpace processes Personal Data only:

    • On documented instructions from the Customer

    • As required to provide the Services

    • As required by applicable law

RevsSpace does not process Personal Data for its own independent purposes beyond platform operation, security, billing, and compliance.

 

3. Nature & Purpose of Processing

Nature of Processing

  • Hosting

  • Storage

  • Access

  • Display

  • Sharing (as configured by Customer)

  • Deletion

Purpose of Processing

  • Providing RevsSpace platform functionality

  • Enabling spatial content creation and sharing

  • Supporting collaboration and analytics

  • Ensuring security, reliability, and billing accuracy

 

4. Categories of Data & Data Subjects

Categories of Personal Data

  • Account and user identifiers

  • Contact information

  • Usage metadata

  • Content uploaded by Customer (as applicable)

Categories of Data Subjects

  • Customer employees

  • Contractors

  • Clients

  • Authorized collaborators

  • End users invited by the Customer

 

5. Customer Obligations

The Customer represents and warrants that:

  • It has a lawful basis to collect and process Personal Data

  • It has obtained all required consents and notices

  • Its instructions comply with applicable data protection laws

The Customer is responsible for the legality of Personal Data uploaded to RevsSpace.

 

6. RevsSpace Obligations

RevsSpace shall:

  • Process Personal Data only as instructed

  • Ensure confidentiality of Personal Data

  • Implement reasonable technical and organizational safeguards

  • Assist the Customer with:

    • Data subject requests

    • Compliance obligations

    • Security inquiries

 

7. Security Measures

RevsSpace implements appropriate safeguards, including:

  • Access controls and authentication

  • Encryption in transit

  • Infrastructure security monitoring

  • Restricted employee access

Full security documentation may be shared with enterprise customers upon request.

 

8. Sub-Processors

  • RevsSpace may engage sub-processors (e.g., cloud providers)

  • All sub-processors are bound by written agreements with equivalent data protection obligations

  • RevsSpace remains responsible for sub-processor compliance

A list of sub-processors may be provided upon reasonable request.

 

9. Data Subject / Data Principal Rights

RevsSpace shall reasonably assist Customers in fulfilling:

  • GDPR data subject rights

  • DPDP Act data principal rights

Requests should be submitted via:
privacy@revsspace.com

 

10. Data Breach Notification

In the event of a Personal Data breach:

  • RevsSpace will notify the Customer without undue delay

  • Provide relevant information to support regulatory or user notification

  • Take reasonable steps to remediate the breach

 

11. Data Retention & Deletion

  • Personal Data is retained only as necessary to provide the Services

  • Upon termination, data will be deleted or returned within a reasonable period

  • Exceptions apply where retention is required by law or contract

Enterprise customers may define custom retention schedules.

 

12. Cross-Border Data Transfers

Personal Data may be processed outside the Customer’s jurisdiction, subject to:

  • GDPR-approved safeguards

  • DPDP Act–compliant transfer mechanisms

Data residency options may be available under enterprise agreements.

 

13. Audits & Compliance

  • RevsSpace may provide reasonable documentation to demonstrate compliance

  • Customer audits must be:

    • Limited in scope

    • Reasonably timed

    • Non-disruptive

    • Subject to confidentiality

 

14. Liability & Precedence

This DPA does not expand RevsSpace’s liability beyond what is stated in the Terms & Conditions or Enterprise Agreement.

In case of conflict:

  • This DPA prevails for data protection matters

  • Enterprise agreements prevail where explicitly stated

 

15. Contact

Data Protection Contact
privacy@revsspace.com
Bangalore, Karnataka, India

bottom of page