Last updated: June 11, 2026
This Data Processing Addendum (“DPA”) forms part of the agreement between AVoIP Guard LLC (“Processor”) and the customer (“Customer” or “Controller”) that references this DPA (the “Agreement”).
Capitalized terms used but not defined in this DPA have the meanings given to them in the Agreement or in applicable data protection laws (including the CCPA/CPRA and, where applicable, the GDPR).
This DPA applies to the processing of Personal Data by Processor on behalf of Customer in connection with Customer’s use of the AVoIP Guard service. In this context:
Processor will process Personal Data for the duration of the Agreement plus any retention periods set forth in the Privacy Policy (typically 30 days for network flow metadata, unless earlier deletion is requested).
Processor processes Personal Data solely to provide, maintain, and improve the AVoIP Guard cybersecurity visibility and remediation platform. This includes analyzing network flow metadata (NetFlow/IPFIX) to detect threats and anomalies in AV-over-IP environments.
Important: Processor does not inspect, store, or process the actual media content (audio, video, or data streams) transmitted over Customer’s network. Processing is limited to metadata only.
| Category | Examples |
|---|---|
| Account & Contact Data | Name, email, company, job title, phone (optional) |
| Network Flow Metadata | Source/destination IP addresses, ports, protocol, flow volume, timestamps |
| Billing Data | Payment information (processed via Stripe) |
Data Subjects: Customer’s employees, contractors, and end users whose network traffic generates the flow metadata.
Processor agrees to:
Customer authorizes Processor to engage the following categories of sub-processors:
Processor will maintain an up-to-date list of sub-processors and will notify Customer of material changes. Processor remains responsible for the acts and omissions of its sub-processors.
Processor will maintain appropriate technical and organizational measures to protect Personal Data against unauthorized access, destruction, use, modification, or disclosure, consistent with industry standards for a service of this type.
Processor will, to the extent legally permitted and upon Customer’s request, provide reasonable assistance to Customer in responding to data subject access, correction, deletion, or other requests.
In the event of a confirmed Personal Data Breach affecting Customer data, Processor will notify Customer without undue delay and provide available information to help Customer meet its notification obligations under applicable law.
Upon termination of the Agreement or upon Customer’s written request, Processor will delete or return Customer’s Personal Data (at Customer’s election), except to the extent retention is required by law or the Agreement. Network flow metadata is automatically deleted after the retention period defined in the Privacy Policy (default 30 days).
Customer may request information about Processor’s security practices and compliance with this DPA. Upon reasonable notice, Processor will make available relevant documentation or, at Processor’s discretion, allow a mutually agreed third-party auditor to review relevant controls (subject to confidentiality obligations).
If Personal Data is transferred outside the United States, Processor will use appropriate safeguards (such as Standard Contractual Clauses or equivalent mechanisms) where required by applicable law.
Each party’s liability under this DPA is subject to the limitations and exclusions set forth in the Agreement. Nothing in this DPA is intended to create joint and several liability.
This DPA remains in effect for the duration of the Agreement. Provisions that by their nature should survive termination (including deletion obligations and liability) will survive.
Questions or notices regarding this DPA should be sent to:
privacy@avoipguard.com
This Data Processing Addendum was last updated on June 11, 2026.