Data Processing Agreement

Last Updated: 2024-01-15

1. INTRODUCTION

This Data Processing Agreement ("DPA") forms part of the Terms of Service between VU Digital Privacy Solutions LLC ("VuAppStore", "we", "us") and you ("Customer", "you") regarding the processing of personal data in connection with the VuAppStore services.

This DPA reflects the parties' agreement on the terms governing the processing of personal data in accordance with the requirements of applicable Data Protection Laws, including the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

2. DEFINITIONS

  • "Data Protection Laws" means all applicable laws relating to the processing of personal data including GDPR, CCPA, and other applicable privacy laws.
  • "Personal Data" has the meaning given in applicable Data Protection Laws.
  • "Processing" has the meaning given in applicable Data Protection Laws.
  • "Data Controller" means the entity that determines the purposes and means of processing personal data.
  • "Data Processor" means the entity that processes personal data on behalf of the Data Controller.

3. SCOPE AND ROLES

3.1 Data Controller

For the purposes of this DPA, you (the Customer) act as the Data Controller for any personal data you process using VuAppStore services.

3.2 Data Processor

VuAppStore acts as a Data Processor when processing personal data on your behalf in connection with the provision of our services.

3.3 Minimal Data Processing

VuAppStore is designed with privacy-by-design principles. We process minimal personal data:

  • Account email address (for service delivery)
  • Payment information (cryptocurrency transactions only - Monero, Lightning, BTC, ETH - not stored by us)
  • Download history (for re-download purposes)
  • Support communications (when you contact us)

4. PROCESSING INSTRUCTIONS

4.1 Lawful Instructions

VuAppStore will process personal data only in accordance with:

  • Your documented lawful instructions as set out in this DPA and the Terms of Service
  • Applicable Data Protection Laws
  • Our Privacy Policy

4.2 Purpose Limitation

Personal data will be processed solely for the purpose of providing VuAppStore services and not for any other purpose without your explicit consent.

5. SECURITY MEASURES

5.1 Technical and Organizational Measures

VuAppStore implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption: All data encrypted at rest and in transit using AES-256 encryption
  • Access Controls: Role-based access controls and multi-factor authentication
  • Network Security: Firewalls, intrusion detection, and secure network protocols
  • Regular Audits: Security assessments and penetration testing
  • Incident Response: Documented procedures for security incident management

5.2 Zero-Knowledge Architecture

Where technically feasible, VuAppStore implements zero-knowledge architecture ensuring that even VuAppStore cannot access your personal data.

6. SUB-PROCESSORS

6.1 Authorized Sub-Processors

VuAppStore may engage the following sub-processors:

  • Cryptocurrency Networks - Decentralized payment processing (Monero, Lightning Network, Bitcoin, Ethereum) - no centralized third party
  • Amazon Web Services - Cloud infrastructure (SOC 2 Type II certified)
  • Cloudflare, Inc. - Content delivery and security

6.2 Sub-Processor Obligations

All sub-processors are bound by data protection obligations equivalent to those set out in this DPA.

7. DATA SUBJECT RIGHTS

7.1 Assistance with Rights Requests

VuAppStore will assist you in responding to data subject rights requests, including:

  • Right of access
  • Right to rectification
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing

7.2 Response Time

We will respond to data subject rights requests within 30 days of receipt, or as required by applicable law.

8. DATA TRANSFERS

8.1 International Transfers

Personal data may be transferred to and processed in countries outside the European Economic Area. All such transfers will be protected by appropriate safeguards as required by GDPR.

8.2 Transfer Mechanisms

We rely on the following mechanisms for international data transfers:

  • EU-US Data Privacy Framework
  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions by the European Commission

9. DATA BREACH NOTIFICATION

9.1 Notification Obligation

VuAppStore will notify you without undue delay after becoming aware of a personal data breach affecting your data, and in any case within 72 hours.

9.2 Breach Information

Breach notifications will include:

  • Description of the nature of the breach
  • Categories and approximate number of data subjects affected
  • Likely consequences of the breach
  • Measures taken or proposed to address the breach

10. DATA RETENTION AND DELETION

10.1 Retention Period

Personal data will be retained only for as long as necessary to provide the services or as required by law.

10.2 Deletion

Upon termination of services or upon your request, VuAppStore will delete or return all personal data within 30 days, except where retention is required by law.

11. AUDITS AND COMPLIANCE

11.1 Audit Rights

You have the right to audit VuAppStore's compliance with this DPA, subject to reasonable notice and confidentiality obligations.

11.2 Compliance Documentation

VuAppStore will provide reasonable assistance and information to demonstrate compliance with this DPA and applicable Data Protection Laws.

12. LIABILITY AND INDEMNIFICATION

12.1 Limitation of Liability

Each party's liability under this DPA is subject to the limitation of liability provisions in the Terms of Service.

12.2 Indemnification

VuAppStore will indemnify you against claims arising from VuAppStore's non-compliance with this DPA, subject to the terms of the main agreement.

13. TERM AND TERMINATION

This DPA will remain in effect for as long as VuAppStore processes personal data on your behalf. Upon termination, the data deletion provisions in Section 10 will apply.

14. CONTACT INFORMATION

For questions regarding this DPA or data protection matters, please contact:

Data Protection Officer
Email: privacy@vuappstore.com
Address: VU Digital Privacy Solutions LLC
1209 Orange Street
Wilmington, DE 19801
United States

Questions?

If you have any questions about this data processing agreement, please contact us at:

legal@vuappstore.com