Data Processing Agreement between Slotivo and its customers
Last updated: 02/25/2026
This Data Processing Agreement (DPA) applies to the processing of personal data by Slotivo on behalf of the Customer (the business using Slotivo). The Customer is the Data Controller. Slotivo is the Data Processor. Personal data includes any information relating to identified or identifiable individuals, such as end customer names, email addresses, phone numbers, and booking details.
Slotivo processes personal data only as necessary to provide the platform services and in accordance with the Customer's instructions. Processing activities include hosting the Customer's website, managing bookings, sending confirmations and reminders, and providing analytics. Slotivo will not process personal data for any other purpose without the Customer's prior consent.
Slotivo implements appropriate technical and organizational measures to protect personal data, including TLS/SSL encryption in transit, logical tenant isolation, access controls, regular backups, and incident monitoring. These measures are designed to ensure the ongoing confidentiality, integrity, and availability of processing systems.
Slotivo uses subprocessors to provide parts of the service. A current list is available on the Subprocessors page. Slotivo will notify the Customer of any new subprocessors at least 14 days before they begin processing data. The Customer may object to a new subprocessor by contacting Slotivo within 14 days of notification.
Where personal data is transferred outside the EEA, Slotivo ensures appropriate safeguards are in place, such as Standard Contractual Clauses or equivalent mechanisms approved by the European Commission.
In the event of a personal data breach, Slotivo will notify the Customer without undue delay and no later than 72 hours after becoming aware of the breach. The notification will include the nature of the breach, the categories and approximate number of individuals affected, and the measures taken to address the breach.
Slotivo will assist the Customer in responding to requests from data subjects exercising their rights under GDPR, including access, rectification, erasure, and data portability requests.
Upon termination of the service, Slotivo will delete all personal data processed on behalf of the Customer within 30 days, unless retention is required by law. The Customer may request a data export before deletion.
The Customer has the right to request information about Slotivo's data processing activities and compliance with this DPA. Audit requests should be directed to slotivo.dev@gmail.com.