Data Processing Agreement
Last updated: 26 June 2026
This Data Processing Agreement ("DPA") describes how Lirova processes personal data on your behalf when you use the service. It forms part of our Terms of Service.
Roles of the parties
For personal data of your customers processed through Lirova, you act as the data controller and Lirova acts as the data processor.
Scope of processing
We process personal data only to provide the recovery service: classifying failed payments, scheduling retries, and sending the dunning communications you have enabled.
Subprocessors
We use vetted subprocessors, such as hosting and messaging providers, to deliver the service, and require them to meet appropriate data-protection obligations.
Security measures
We apply technical and organisational measures appropriate to the risk, including access controls and encryption in transit. We do not store full card numbers.
International transfers
Where personal data is transferred across borders, we rely on appropriate safeguards as required by applicable law.
Data subject requests
Taking into account the nature of the processing, we assist you in responding to requests from data subjects exercising their rights.
Return and deletion
On termination, we delete or return the personal data processed on your behalf, except where retention is required by law.
Audit
On reasonable request, we make available the information necessary to demonstrate compliance with this DPA.