Last updated: April 2026

This Data Processing Addendum ("DPA") forms part of your agreement with VoxRidge for VoxRidge Cloud and applies whenever VoxRidge processes Personal Data on your behalf as a Processor under the GDPR, UK GDPR, or equivalent legislation.

Scope of processing

• Subject matter: provision of the VoxRidge service.
• Duration: while you have an active subscription, plus 30 days for export.
• Nature & purpose: hosting, transmission, indexing, and analysis of telephony metadata and (if enabled) recordings, on your instruction.
• Categories of data subjects: your end users, customers, agents, and supervisors.
• Categories of personal data: phone numbers, names, email addresses, agent IDs, call timestamps, optionally call audio.

Processor obligations

• Process only on documented instructions.
• Ensure personnel are bound by confidentiality.
• Implement appropriate technical and organisational measures (described in the security overview).
• Engage sub-processors only as listed on the trust center, with prior notice of changes.
• Assist with data-subject requests and DPIAs.
• Notify you of personal-data breaches within 72 hours of discovery.
• Return or delete personal data on termination.

International transfers

Where personal data is transferred outside the EEA, UK, or Switzerland, the EU Standard Contractual Clauses (EU 2021/914) and UK Addendum apply, with VoxRidge as data importer as Module Two or Module Three as applicable.

Sub-processors

Current sub-processors are listed on the trust center. We will notify you at least 30 days in advance of any new sub-processor; you may object on reasonable grounds.

Audits

We make available the SOC 2 Type II report (when issued) under NDA. Customers paying $50,000+ per year may request an annual audit on reasonable notice.

Execution

This DPA is effective without signature for cloud customers. To request a counter-signed copy, email privacy@voxridge.com.