Skip to content

Legal

Data Processing Addendum

This DPA applies when Vibely processes personal data on your behalf and forms part of your agreement with us. Enterprise customers can request a countersigned copy.

Last updated June 1, 2026

1.Roles

You are the controller of personal data inside your workspace; Vibely is the processor.

For account and billing data, Vibely acts as an independent controller as described in the Privacy Policy.

2.Processing terms

We process personal data only on your documented instructions, including with regard to international transfers.

Personnel with access are bound by confidentiality. Sub-processors are listed publicly and bound by equivalent terms; we give 30 days' notice before adding one.

3.Transfers

Transfers outside the EEA/UK rely on the EU Standard Contractual Clauses (2021/914) and the UK Addendum, plus supplementary technical measures.

4.Assistance & audits

We assist with data subject requests, DPIAs, and breach notifications — confirmed breaches are notified without undue delay and within 72 hours.

Once per year, you may audit our compliance via our SOC 2 report and security packet, or an on-site review for enterprise agreements.

5.Deletion

On termination, workspace personal data is deleted or returned within 35 days, subject to legal retention duties.

Questions about this document? Write to legal@vibely.ai — we answer legal mail like support mail: quickly and in plain language.

Paperwork read. Canvas awaits.

Free plan · No credit card · Exports you own