Legal
Data Processing Agreement
Voltasis offers Data Processing Agreements (DPAs) for organizations that require formal documentation of how we process and protect your data.
Last updated: March 11, 2026
Who Needs a DPA?
A Data Processing Agreement is a legally binding document that governs the relationship between a data controller (your organization) and a data processor (Voltasis). You may need a DPA if your organization:
- Operates under GDPR, CCPA, or other data protection regulations
- Has internal data governance policies that require vendor agreements
- Processes personal data of employees, contractors, or clients through Voltasis
- Is subject to industry-specific compliance requirements (healthcare, finance, government, etc.)
- Needs to demonstrate due diligence in vendor data handling to auditors or regulators
What Our DPA Covers
Our DPA is designed to meet the requirements of major data protection frameworks and covers the following areas:
- Customer data processing purposes and scope — clearly defines what data Voltasis processes, why, and the lawful basis for processing
- Data isolation and multi-tenancy controls — how we ensure your organization's data is logically separated from other customers
- Sub-processor disclosure — a complete list of third-party services involved in data processing, with notification of changes
- Breach notification procedures — our commitment to notify you within 72 hours of discovering a data breach affecting your data
- Data retention and deletion on termination — how long data is retained after your contract ends and the process for permanent deletion
- Security measures and technical controls — encryption at rest and in transit, access controls, audit logging, and infrastructure security
Sub-processors
Voltasis uses the following sub-processors to deliver our service. We will notify DPA holders of any changes to this list.
| Sub-processor | Purpose | Location |
|---|---|---|
| Amazon Web Services (AWS) | Cloud infrastructure — compute, database, storage, authentication, email delivery, CDN | United States |
| Stripe | Payment processing and subscription billing | United States |
| Xero Limited | Accounting integration (for customers who connect their Xero account) | Australia, United States, United Kingdom |
| Plausible Analytics | Privacy-focused website analytics (marketing site only, no personal data) | European Union |
How to Request a DPA
To request a Data Processing Agreement, reach out to us through our contact page. Please include your organization name and any specific requirements or regulatory frameworks you need the DPA to address.
We also welcome security questionnaires and vendor assessment requests. If your procurement or compliance team requires additional documentation about our data handling practices, we're happy to assist.
Enterprise & Regulated Customers
If your organization has specific compliance requirements — such as HIPAA, SOC 2, or sector-specific data protection regulations — we can work with your legal team to tailor our DPA to your needs. Contact us to discuss your requirements.