Data Processing Agreement
Last updated · May 1, 2026
VEXOCORE acts as a processor on behalf of customers (controllers) when delivering paid services. This DPA, including the EU SCCs and UK IDTA addendum, governs that relationship and forms part of the Master Services Agreement.
Roles
Customer is the controller; VEXOCORE is the processor. Sub-processors are listed below and may be updated with 30 days’ notice.
Cross-border transfers
We rely on EU SCCs (module 2 or 3 as applicable), the UK IDTA Addendum, and the EU–US Data Privacy Framework for US-based processing.
Security measures
See our Trust Center for the full set of technical and organisational measures.
Sub-processors
| Name | Purpose | Region(s) |
|---|---|---|
| Amazon Web Services | Primary cloud infrastructure | EU, US, APAC |
| Cloudflare | Edge CDN & DDoS protection | Global |
| Resend | Transactional email delivery | US |
| Inngest | Background job orchestration | US |
| Sentry | Application error monitoring | EU |
| Meilisearch Cloud | Content search index | EU |
Request a counter-signed copy
Email legal@vexocore.io with your entity name and DPO contact, and we’ll return a signed DPA within 24 hours.