Customer data on the Vuabl platform
When you use the Vuabl platform (separately from this marketing website), we act as a data processor for the personal data you submit. We process that data under a written Data Processing Agreement (DPA), aligned to UK GDPR Article 28 and the EU GDPR equivalent where applicable.
Requesting the DPA
A signed-counterpart DPA is part of every enterprise contract. We're happy to share the template in advance for procurement and legal review. Request the procurement pack — we'll include the DPA, sub-processor list, security questionnaire and insurance certificates.
Sub-processors
A current sub-processor list is maintained and made available to customers under the DPA. The list includes each sub-processor's name, purpose, region and a brief description of the data processed. We notify customers in advance of material changes.
UK data residency
By default, customer data is stored in UK regions. Region pinning to specific UK sub-regions is available on enterprise plans.
Security
Vuabl implements organisational and technical security measures appropriate to the risk, including: encryption in transit and at rest, role-based access control, activity logging, regular vulnerability scanning and third-party penetration testing on a periodic basis. Specifics are included in the security questionnaire response.
Sub-processor change notifications
Customers under a DPA receive advance notice of new sub-processors and have the right to object as set out in the DPA.
Contact
For DPA and data-processing queries: privacy@vuabl.io.