← Back to Trust Center
Last Updated: June 1, 2026
DPA Addendum
Review the B2B Data Processing Addendum (DPA) and GDPR data transfer compliance terms at CYPHEX Agency.
person
1. Scope and Roles
In providing custom software integrations, client portals, and SaaS services (such as Voxis voice networks), the roles are defined as:
- The Client: Acts as the Data Controller, maintaining complete authority over what personal data is captured and processed.
- CYPHEX Agency: Acts as the Data Processor, handling personal data strictly under written instruction from the Client.
list
2. Processing Operations & Categories
Processing is restricted to customer databases, client logs, user configuration keys, and transient AI inputs. Data typically processed includes:
- Customer profile details (name, corporate email, role identification).
- System usage statistics and dynamic IP addresses for rate-limiting.
- Voice transcripts and API text inputs processed in real-time by the Voxis AI agents (stored in RAM and deleted automatically).
shield
3. Technical Security Actions
We implement comprehensive organizational and technical security policies to safeguard all client datasets:
- Isolated Servers: Database tables are segregated per enterprise customer (no shared database pools).
- Encryption Standards: Data is encrypted in transit using TLS 1.3 and at rest using AES-256 standards.
- Access Limitations: Staff access to client database environments is audited, requiring multi-factor authentication (MFA).
warning
4. Security Breach Response
CYPHEX maintains a 24/7 security incident response desk. In the event of a verified unauthorized database access, we will notify affected Data Controllers within 72 hours of verification, offering complete audit logs and remediation steps.