Data Processing Agreement (DPA)
日本語Last updated: March 13, 2026
This Data Processing Agreement ("DPA") applies when Volta Networks K.K. ("Processor") processes personal data on behalf of the customer ("Controller") through its cloud-based CRM service "DealHub" ("the Service"). This DPA forms part of the Terms of Service.
1. Definitions
- Personal Data: Any information relating to an identified or identifiable natural person stored in the Service by the Controller
- Processing: Any operation performed on personal data (collection, storage, use, transmission, deletion, etc.)
- Data Subject: A natural person identified by personal data
2. Scope & Purpose of Processing
| Purpose | Providing CRM functionality (contact management, email campaigns, task management, etc.) |
|---|---|
| Data Types | Names, email addresses, phone numbers, company names, deal information, email content |
| Data Subjects | Controller's customers, prospects, and business contacts |
| Duration | For the duration of the Controller's account. Complete deletion within 72 hours of deletion request. |
3. Processor Obligations
- Process personal data only on the Controller's documented instructions
- Ensure persons authorized to process data are bound by confidentiality obligations
- Implement appropriate technical and organizational measures per GDPR Article 32
- Not engage sub-processors without prior written authorization from the Controller
- Assist the Controller in fulfilling data subject rights requests
- Delete or return all personal data upon termination of the agreement
4. Security Measures
- TLS/HTTPS encryption for all communications
- Passwords hashed with scrypt algorithm
- Row-Level Security (RLS) for tenant data isolation
- Role-Based Access Control (RBAC)
- Daily backups with disaster recovery plan
- Audit logging (retained for 1 year)
- Multi-factor authentication (MFA/OTP) support
5. Sub-processors
| Sub-processor | Purpose | Location |
|---|---|---|
| Stripe, Inc. | Payment processing | United States (EU-U.S. DPF certified) |
Server infrastructure is hosted on VPS in Japan. Personal data is not transferred outside Japan (except for Stripe payment processing).
6. Data Breach Notification
The Processor shall notify the Controller without undue delay (and no later than 72 hours) upon becoming aware of a personal data breach. The notification shall include the nature of the breach, approximate number of affected data subjects, likely consequences, and measures taken by the Processor.
7. Contact
For questions regarding this DPA, please contact customer@voltanetworks.jp.