Korvix

Data Processing Addendum

Last updated: July 11, 2026

This Data Processing Addendum ("DPA") describes how Korvix ("Korvix", "we") processes personal data on your behalf. Where you are a business customer subject to data-protection laws (such as GDPR or UK GDPR), you are the controller and Korvix is the processor.

1. Scope and roles

Korvix processes personal data contained in the sites and search accounts you connect, solely to provide the service under our Terms and on your documented instructions (which include your configuration and autonomy settings).

2. Nature and purpose of processing

Crawling and analyzing your website; ingesting your Search Console metrics (read-only); proposing and, with your permission, executing SEO changes; and measuring outcomes.

3. Categories of data and data subjects

Primarily business and website data. Personal data is limited to your account contacts and any personal data incidentally present in your website content or search queries. Korvix does not require special-category data.

4. Sub-processors

We use vetted sub-processors to deliver the service. Current categories:

  • Payments — Stripe (billing).
  • Integrations you connect — Shopify (publishing), Google Search Console (search metrics, read-only).
  • Infrastructure — our cloud hosting and managed database provider.
  • Email — transactional email provider (when configured).
  • Monitoring — error and performance monitoring (when configured).

We will maintain an up-to-date list and give notice before adding a new sub-processor that materially changes processing.

5. Security measures

Encryption of integration credentials at rest (AES-256-GCM) and in transit (TLS); per-organization access isolation; secret redaction from API responses; least-privilege access; audit logging of executed actions. See our Privacy Policy.

6. International transfers

Where personal data is transferred across borders, we rely on appropriate safeguards (such as Standard Contractual Clauses) with our sub-processors.

7. Data subject requests and assistance

We will assist you, taking into account the nature of processing, in responding to data-subject requests and in meeting your security, breach-notification, and impact-assessment obligations.

8. Deletion and return

On termination or your request, we will delete or return personal data we process on your behalf, subject to legal retention requirements. You can trigger deletion directly by deleting a site or your account.

9. Breach notification

We will notify you without undue delay after becoming aware of a personal-data breach affecting your data.

10. Contact

Data-protection questions: support@korvixseo.com.