Data Processing Agreement

This Data Processing Agreement (“DPA”) governs ViewExport LLC’s processing of personal data subject to the EU General Data Protection Regulation (EU GDPR) and the UK General Data Protection Regulation (UK GDPR). This DPA only applies to the extent required by applicable data protection laws, such as where:

You are established in the EEA, UK, or Switzerland;

You process data of individuals located in those jurisdictions in a manner subject to EU/UK GDPR; or

International data transfers from these regions to ViewExport LLC are involved.

This DPA forms part of the ViewExport Terms of Service only for those Customers to whom the GDPR or UK GDPR applies. If your data processing activities are not subject to these regulations (e.g., users based solely in the U.S. or other non-GDPR jurisdictions), this DPA does not apply.

Territorial Scope

This DPA applies solely to the extent that the processing of personal data by ViewExport LLC is governed by:

• Regulation (EU) 2016/679 (GDPR);
• The UK Data Protection Act 2018 and the UK GDPR;
• Or other local implementations of the GDPR in the European Economic Area (EEA).

If your use of ViewExport services does not involve the processing of personal data subject to these laws, this DPA does not apply to you.

Agreement

1. Definitions"Personal Data" means any information relating to an identified or identifiable natural person under EU or UK GDPR. "Processing" means any operation performed on Personal Data. "Sub-Processor" means any third party engaged by ViewExport to process Personal Data. "SCCs" means the Standard Contractual Clauses approved by the EU or UK for international data transfers.

2. Scope and Roles
You (the Controller) authorize ViewExport LLC (the Processor) to process Personal Data only to provide the agreed services and only on documented instructions.

3. Nature and Purpose of Processing
Subject Matter: Use of the ViewExport platform.
Duration: For the term of your contract with ViewExport.
Purpose: Delivering Slack message archiving, export, and analytics services.
Categories of Data: Name, email, IP address, Slack messages and archives, channel names and membership metadata, user IDs and display names, timestamps, account settings, usage logs and system activity, support communications, billing and payment data (if applicable).
Data Subjects: Your employees, contractors, Slack workspace users and members.

4. Security and Confidentiality
ViewExport will implement and maintain appropriate technical and organizational security measures. All personnel with access to Personal Data are under confidentiality obligations. Access is limited and monitored.

5. Sub-Processors
ViewExport may engage Sub-Processors to deliver its services. All Sub-Processors must meet obligations equivalent to this DPA. You will be notified of any new Sub-Processors and may object on reasonable grounds. Current Sub-Processors include: Render.com, Amazon Web Services (AWS), New Relic, Crisp, Profitwell, Stripe, PostHog, OpenAI, Anthropic, Slack (for internal support). On request, ViewExport will provide information reasonably necessary to demonstrate Sub-Processor compliance.

6. Data Subject Rights
ViewExport will assist you in responding to data subject requests for access, rectification, erasure, restriction, and portability under EU and UK GDPR. If ViewExport receives a data subject request directly, it will promptly forward it to you unless legally prohibited.

7. Breach Notification
ViewExport will notify you without undue delay if it becomes aware of a Personal Data breach. Such notice will include details of the breach, affected data, and mitigation measures.

8. Retention and Deletion
When your contract ends, ViewExport will delete or return Personal Data if you request us to do so, and securely delete residual data unless required by law to retain it.

9. Audits and Compliance
You may audit ViewExport’s compliance with this DPA once per year with at least 30 days’ written notice, unless otherwise required by law. ViewExport will also assist you in verifying Sub-Processor obligations to the extent legally required.

10. International Transfers
Personal Data may be transferred and processed outside the EEA or UK, including in the United States. ViewExport will ensure such transfers comply with EU GDPR and UK GDPR using SCCs, the UK IDTA or Addendum, the EU-U.S. Data Privacy Framework (if applicable), or other approved transfer mechanisms. ViewExport will cooperate with you to complete any required Transfer Risk Assessment (TRA).

11. Liability
ViewExport is liable for breaches of this DPA caused by its failure to comply with its obligations. ViewExport is not liable for acts or omissions of authorized Sub-Processors, provided it has met its due diligence and contractual safeguard obligations. ViewExport will indemnify you for direct damages or regulatory penalties arising solely from its material breach of this DPA or applicable data protection law, subject to the limitations in our Terms of Service.

12. Termination
Either party may terminate this DPA immediately by written notice if:

• the other party commits a material breach and fails to remedy it within 30 days of written notice;
  
• continuing processing would violate applicable EU or UK data protection laws;
  
• required by a competent data protection authority.
  Additionally, ViewExport may suspend or terminate processing if you materially breach the Terms of Service, including for non-payment, misuse, or violation of applicable laws. Termination does not affect your obligation to pay for services already provided.
  

13. Governing Law
This Agreement is governed by EU GDPR, UK GDPR, and the laws of Oregon, United States. Where conflicts arise, the applicable EU or UK data protection law will prevail for data protection matters.

Contact
If you have questions about this DPA, please contact us at privacy[at]viewexport.com.