DATA PROCESSING AGREEMENT (DPA) – SUMMARY

Effective Date: January 5th, 2026

This Data Processing Agreement (“DPA”) applies where Revion Solutions, Inc. (“Revion,” “Revion.com,” “we,” or “us”) processes personal data on behalf of a Customer in connection with Revion-hosted or managed services (the “Services”). This DPA is intended to satisfy applicable data protection requirements, including GDPR, UK GDPR, and CCPA/CPRA, where those laws apply to Customer data.

1. Purpose and Scope
This DPA governs Revion’s processing of personal data transferred by Customer or collected through the provision of Services. Revion processes such personal data only to provide the Services and only in accordance with Customer instructions, unless required by law.

2. Roles of the Parties
Customer acts as data controller (or business), and Revion acts as processor (or service provider) for personal data processed through the Services.

3. Processing Activities
Revion may process personal data for: hosting and storage; server and platform administration; account and billing management; logging, monitoring, and security operations; support troubleshooting; and backup or disaster recovery processes.

4. Confidentiality and Access Restrictions
Revion limits access to Customer personal data to authorized personnel who require access to perform the Services and require those personnel to maintain confidentiality.

5. Technical and Organizational Security Measures
Revion implements safeguards designed to protect Customer personal data, including encryption (where supported), secure credential controls, monitoring, infrastructure hardening, patching, and vulnerability remediation.

6. Subprocessor Engagement
Revion may use subprocessors to support the Services. Revion conducts diligence on subprocessors and requires appropriate contractual protections. A current list of subprocessors is published separately on the Sub-Processor List page.

7. Customer Responsibilities
Customer remains responsible for managing login credentials, authorized users, content uploaded or processed through the Services, and any third-party components or integrations installed within Revion environments.

8. International Transfers
Where personal data is transferred internationally, Revion uses transfer mechanisms and safeguards required by applicable law.

9. Data Subject Requests
Where legally required, Revion will assist Customer in responding to data subject rights requests. If Revion receives a request directly, it may refer the requester to Customer unless otherwise required by law.

10. Data Return and Deletion
Upon termination of the Services, Customer data will be removed in accordance with Revion’s data retention and cancellation policies. Customer is responsible for exporting or backing up data prior to termination unless covered under a contracted backup plan.

11. Requesting a Signed DPA
Customers may request a signed DPA or request notification of subprocessor changes through the contact form at:
https://revion.com/company/contact/

Last Updated: January 5th, 2026

Scroll to Top