Data Processing Agreement
Last updated: June 18, 2026
This page summarizes how dolv processes personal data on behalf of customers under the GDPR, UK GDPR, and CCPA/CPRA. It is offered as a standard, countersignable DPA — to receive an executed copy for your records, email privacy@dolv.work with your legal entity name and we will return a signed agreement.
- 1. Roles
- 2. Scope & purpose of processing
- 3. Subprocessors
- 4. Security measures
- 5. Data-subject rights & deletion
- 6. International transfers
- 7. How to request a signed DPA
1. Roles
For customer data you submit to the service, you are the data controller and dolv is the data processor, processing that data only on your documented instructions (your use of the product) and for the purpose of providing the service.
2. Scope & purpose of processing
dolv processes the data you and your connected tools provide — company knowledge, contacts and deals, content, and funnel metrics — to plan, execute (with your approval), and measure marketing and sales work. Processing lasts for the term of your account plus any short retention window described in the Privacy Policy.
3. Subprocessors
dolv uses the subprocessors listed at /subprocessors, each bound by confidentiality and security obligations. We will provide notice before adding or replacing a subprocessor that processes customer data.
4. Security measures
We apply least-privilege OAuth scopes, encryption in transit, tenant isolation, and a human-in-the-loop approval gate for outbound actions. See Security for details. We will notify you without undue delay upon becoming aware of a personal-data breach affecting your data.
5. Data-subject rights & deletion
dolv will assist you in responding to data-subject requests (access, correction, deletion, portability). You can erase your workspace and all of its data yourself at any time in Settings → Workspace → Delete workspace & data, or email privacy@dolv.work and we will action erasure within the period required by applicable law.
6. International transfers
Where data is transferred internationally (e.g. to US-based subprocessors), transfers are made under appropriate safeguards such as the EU Standard Contractual Clauses, supplemented as needed.
7. How to request a signed DPA
Email privacy@dolv.work with your company name and the signatory's details. We will return a countersigned DPA incorporating the subprocessor list above. This page is a summary and does not by itself constitute legal advice.