Skip to content
CloudVNO

Data Processing Agreement

GDPR-compliant data processing agreement between CloudVNO and its customers.

Last updated: March 1, 2026

Overview

This Data Processing Agreement ("DPA") forms part of the CloudVNO Terms of Service and governs the processing of personal data by CloudVNO on behalf of customers ("Controllers") in connection with the CloudVNO platform.

This DPA is entered into between CloudVNO ("Processor") and the customer entity that has accepted the Terms of Service ("Controller").

Definitions

  • Personal Data: Any information relating to an identified or identifiable natural person
  • Processing: Any operation performed on personal data
  • Data Subject: The natural person whose personal data is processed
  • Sub-processor: A third party engaged by CloudVNO to process personal data on the Controller's behalf

Scope of Processing

Subject matter: Providing the CloudVNO CPaaS platform (SMS, Voice, Verification, Number Intelligence, AI Voice Infrastructure, and related services)

Duration: The duration of the CloudVNO Terms of Service

Nature: Transmission, routing, storage (temporary), and delivery of communications; logging of API requests; fraud detection

Categories of data subjects: The Controller's end users, customers, or employees whose phone numbers or communications are processed through the platform

Categories of personal data: Phone numbers, message content (where applicable), call metadata, IP addresses, verification codes

Processor Obligations

CloudVNO, as Processor, shall:

  • Process personal data only on documented instructions from the Controller
  • Ensure that persons authorized to process personal data are bound by confidentiality
  • Implement appropriate technical and organizational security measures (see Security section)
  • Assist the Controller in fulfilling data subject rights requests
  • Delete or return personal data upon termination of the agreement
  • Make available all information necessary to demonstrate compliance with this DPA

Sub-processors

CloudVNO uses the following categories of sub-processors:

  • Cloud infrastructure providers (geo-distributed data centers)
  • Payment processors
  • Email delivery services
  • Security and fraud detection services

A current list of sub-processors is available at cloudvno.com/legal/sub-processors. We will provide 30 days' notice before adding new sub-processors.

Security Measures

Technical and organizational measures include:

  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Access controls with principle of least privilege
  • Audit logging of data access
  • Regular security assessments
  • Incident response procedures with 72-hour notification for personal data breaches

International Transfers

Where personal data is transferred outside the EEA, CloudVNO relies on Standard Contractual Clauses (SCCs) as approved by the European Commission, or equivalent transfer mechanisms.

Data Retention and Deletion

Message content is processed in transit and not stored beyond delivery confirmation. API logs and metadata are retained for 90 days. Upon termination, personal data is deleted within 30 days unless longer retention is required by law.

Contact

dpa@cloudvno.com CloudVNO, Dubai, UAE