ReviewGlow
Start Your Free Trial
Legal

Data Processing Agreement

Last updated: May 13, 2026

This Data Processing Agreement ("DPA") is part of the Terms of Service between the Customer and ReviewGlow. It governs the processing of personal data we perform on behalf of the Customer, in compliance with applicable data protection laws including the GDPR and the CCPA.

01

Definitions

Data Controller

The entity that determines the purposes and means of the processing of personal data.

Data Processor

The entity that processes personal data on behalf of the Data Controller.

Data Subject

Any identified or identifiable individual whose personal data is processed.

Personal Data

Any information relating to an identified or identifiable individual.

Processing

Any operation or set of operations performed on personal data.

Sub-Processor

Any third party appointed by the Processor to process personal data on behalf of the Customer.

02

Roles and Responsibilities

Customer as Data Controller

Determines the legal basis for processing and ensures compliance with applicable data protection laws.

ReviewGlow as Data Processor

Processes personal data on behalf of the Customer in accordance with this DPA and the Customer's instructions.

03

Types of Personal Data Processed

ReviewGlow processes the following types of personal data on behalf of the Customer:

End-user data

Names, email addresses, reviews, feedback, video testimonials, and information submitted through review requests or landing pages.

Customer data

Names, email addresses, contact information, login credentials, and other business-related data.

Usage data

IP addresses, device information, and data related to usage of the Software.

04

Processor Obligations

ReviewGlow agrees to:

Process data only under Customer instructions

We process personal data only as necessary to provide the Software and per the Customer's documented instructions.

Ensure confidentiality

All employees and contractors involved in processing are subject to a duty of confidentiality.

Implement security measures

Appropriate technical and organizational measures protect personal data.

Assist the Customer

We help the Customer respond to data subject requests and perform impact assessments when required.

Data breach notification

We notify the Customer without undue delay after becoming aware of a personal data breach.

05

Sub-Processors

ReviewGlow may engage Sub-Processors to process personal data on behalf of the Customer.

  • Equivalent protection — Sub-Processors must provide the same level of data protection and security as required by this DPA.
  • Notice of changes — We inform the Customer of any intended changes concerning the addition or replacement of Sub-Processors.
  • Liability — We remain fully liable for the performance of our Sub-Processors.
06

International Data Transfers

Where personal data is transferred to countries outside the EEA, ReviewGlow ensures that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs).

07

Data Retention and Deletion

Upon termination or expiration of the Agreement, at the Customer's request, ReviewGlow will:

  • Return data — Return all personal data processed on behalf of the Customer.
  • Or delete data — Delete all personal data, unless retention is required by law.
08

Contact Information

For questions or concerns regarding this DPA or your data privacy rights, please contact us:

support@review-glow.com