Data Processing Addendum
Last updated: July 11, 2026
This Data Processing Addendum ("DPA") describes how Korvix ("Korvix", "we") processes personal data on your behalf. Where you are a business customer subject to data-protection laws (such as GDPR or UK GDPR), you are the controller and Korvix is the processor.
1. Scope and roles
Korvix processes personal data contained in the sites and search accounts you connect, solely to provide the service under our Terms and on your documented instructions (which include your configuration and autonomy settings).
2. Nature and purpose of processing
Crawling and analyzing your website; ingesting your Search Console metrics (read-only); proposing and, with your permission, executing SEO changes; and measuring outcomes.
3. Categories of data and data subjects
Primarily business and website data. Personal data is limited to your account contacts and any personal data incidentally present in your website content or search queries. Korvix does not require special-category data.
4. Sub-processors
We use vetted sub-processors to deliver the service. Current categories:
- Payments — Stripe (billing).
- Integrations you connect — Shopify (publishing), Google Search Console (search metrics, read-only).
- Infrastructure — our cloud hosting and managed database provider.
- Email — transactional email provider (when configured).
- Monitoring — error and performance monitoring (when configured).
We will maintain an up-to-date list and give notice before adding a new sub-processor that materially changes processing.
5. Security measures
Encryption of integration credentials at rest (AES-256-GCM) and in transit (TLS); per-organization access isolation; secret redaction from API responses; least-privilege access; audit logging of executed actions. See our Privacy Policy.
6. International transfers
Where personal data is transferred across borders, we rely on appropriate safeguards (such as Standard Contractual Clauses) with our sub-processors.
7. Data subject requests and assistance
We will assist you, taking into account the nature of processing, in responding to data-subject requests and in meeting your security, breach-notification, and impact-assessment obligations.
8. Deletion and return
On termination or your request, we will delete or return personal data we process on your behalf, subject to legal retention requirements. You can trigger deletion directly by deleting a site or your account.
9. Breach notification
We will notify you without undue delay after becoming aware of a personal-data breach affecting your data.
10. Contact
Data-protection questions: support@korvixseo.com.