Last updated: July 14, 2026
DRAFT - Pending Execution. This Data Processing Agreement is prepared and ready for execution once Veyrateam LLC receives final state approval. No party shall sign or execute this document until the LLC is legally registered. This draft is provided for review purposes only.
This Data Processing Agreement ("DPA") is entered into by and between Veyrateam LLC ("Processor") and the client entity identified in the signed Service Agreement ("Controller"). This DPA forms part of and is incorporated into the Veyra Team Service Agreement and Terms of Service available at veyrateam.com/terms.
Veyrateam LLC processes Personal Data on behalf of the Controller solely for the purpose of providing the services described in the Service Agreement, including but not limited to:
Veyrateam LLC shall not process Personal Data for any purpose other than providing the agreed services. No data is sold, shared for advertising, or used for Veyrateam LLC's own commercial purposes beyond the portfolio rights granted in the Service Agreement (which cover only the visual design of the website, not Personal Data).
| Category | Examples | Retention |
|---|---|---|
| Contact Information | Names, email addresses, phone numbers from client contact forms | Duration of service + 30 days |
| Voice Call Data | Caller name, phone number, call transcript, booking outcome | Duration of service + 30 days |
| Lead / CRM Data | Prospect names, contact details, interaction notes | Duration of service + 30 days |
| Business Data | Business name, address, hours, FAQ content provided by Controller | Duration of service |
Veyrateam LLC agrees to:
4.1 Process Personal Data only on documented instructions from the Controller, including with regard to transfers of Personal Data to a third country or international organization, unless required to do so by law.
4.2 Ensure that persons authorized to process Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
4.3 Implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
4.4 Notify the Controller without undue delay (and in any case within 72 hours) after becoming aware of a Personal Data breach, providing all relevant details and cooperating with the Controller's breach response.
4.5 Assist the Controller in responding to data subject requests (access, deletion, correction, portability) where applicable.
4.6 Make available to the Controller all information necessary to demonstrate compliance with this DPA and allow for and contribute to audits.
Veyrateam LLC engages the following third-party services that may access or process Personal Data in the course of providing services to the Controller. The Controller grants Veyrateam LLC general authorization to use these sub-processors. Veyrateam LLC shall remain liable for the performance of each sub-processor.
| Sub-Processor | Service | Data Accessed |
|---|---|---|
| Stripe, Inc. | Payment processing | Billing data (not Personal Data from contact forms) |
| Google (Workspace, Places API) | Email, business data enrichment | Email metadata, business listing data |
| Vapi.ai | Voice AI receptionist | Caller phone number, call audio/transcript |
| Base44 (platform infrastructure) | Database hosting, backend services | All Personal Data stored in CRM entities |
| Cloudflare, Inc. | CDN, DNS, hosting | Website traffic metadata |
| DocuSign, Inc. | Electronic signatures | Signer name, email, signature |
| Calendly | Appointment scheduling | Booking name, email, phone (Controller's Calendly account) |
Veyrateam LLC will notify the Controller at least 14 days in advance of any new sub-processor, giving the Controller the opportunity to object.
Veyrateam LLC maintains the following security measures:
In the event of a Personal Data breach, Veyrateam LLC will:
7.1 Notify the Controller without undue delay and in any case within 72 hours of becoming aware of the breach.
7.2 Provide the Controller with: (a) the nature of the breach, (b) categories and approximate number of data subjects and records concerned, (c) likely consequences, and (d) measures taken or proposed to address the breach and mitigate its effects.
7.3 Cooperate with the Controller in any notification to data subjects or regulatory authorities where required by law.
7.4 Document all breaches, including facts, effects, and remedial action, for future audit.
Upon termination of the Service Agreement, and at the Controller's request, Veyrateam LLC will:
The Controller agrees to:
The Controller may, at its own expense and with reasonable notice (at least 14 days), audit Veyrateam LLC's compliance with this DPA. Audits may be conducted internally or by a third-party auditor, provided the auditor signs a confidentiality agreement. Veyrateam LLC will provide reasonable access to relevant documentation and systems.
Both parties agree to maintain the confidentiality of any Personal Data and proprietary information shared under this DPA. This obligation survives termination of the Service Agreement.
This DPA is governed by the laws of the State of Florida, without regard to conflict of law principles. Any disputes arising from this DPA shall be resolved in the courts of Orange County, Florida, or as otherwise agreed in the Service Agreement.
Veyrateam LLC may update this DPA from time to time to reflect changes in law, technology, or business practices. Material changes will be communicated to the Controller at least 30 days in advance. Continued use of services after the effective date constitutes acceptance of the updated DPA.
For questions about this DPA or data handling practices, contact:
Veyrateam LLC
Email: partner@veyrateam.com
Orlando, FL
This DPA becomes effective upon signature by both parties. It remains in effect for the duration of the Service Agreement and survives termination solely for the purpose of completing data deletion obligations.
Pending execution - to be signed once Veyrateam LLC state registration is finalized.