Vinevault is an independent backup service operated by Vinevault, LLC. We are not affiliated with, endorsed by, sponsored by, or certified by Rentvine LLC or any other property management software provider. Read more.
Vinevault is currently in private beta. Join the waitlist for early access.
Vinevault Request beta access

Vinevault Data Processing Agreement

Last updated: May 2026
Effective date: May 2026

1. Introduction

This Data Processing Agreement ("DPA") governs Vinevault's processing of Customer Data, Backup Data, Personal Information, and related data on behalf of Customer in connection with the Vinevault Services.

This DPA supplements the Vinevault Terms of Service, Privacy Policy, any applicable Beta Addendum, and any applicable Order, invoice, subscription confirmation, statement of work, or written agreement between Customer and Vinevault.

This DPA is intended to satisfy applicable controller-processor, business-service provider, and similar data processing contract requirements under applicable United States privacy and data protection laws.

2. Relationship to Terms of Service

Capitalized terms not defined in this DPA have the meanings given to them in the Vinevault Terms of Service or Privacy Policy.

If this DPA conflicts with the Terms of Service, Privacy Policy, Beta Addendum, Order, or other agreement between the parties, this DPA controls only with respect to Vinevault's processing of Customer Data, Backup Data, Personal Information, and related data on behalf of Customer. For all other matters, including limitation of liability, indemnification, warranties, governing law, venue, and dispute resolution, the Terms of Service control.

All provisions of the Terms of Service remain in effect except as expressly modified by this DPA.

3. Definitions

For purposes of this DPA:

"Applicable Privacy Laws" means all United States federal and state privacy, data protection, data security, breach notification, consumer privacy, and similar laws that apply to Vinevault's processing of Personal Information under this DPA.

"Authorized Subprocessor" means a third party engaged by Vinevault to process Customer Data, Backup Data, or Personal Information on behalf of Vinevault in connection with the Services.

"Controller" means the party that determines the purposes and means of processing Personal Information, including any equivalent term under Applicable Privacy Laws such as "business" under California privacy law.

"Customer Data" means the records, files, documents, data, and information copied from Customer's connected Property Management Software account as part of the Services.

"Backup Data" means the copy, snapshot, export, archive, report, file, or other backup record created by Vinevault from Customer Data.

"Downloaded Backup Data" means Backup Data that Customer or a User downloads, exports, copies, stores, transfers, prints, shares, or otherwise removes from Vinevault-controlled systems.

"Personal Information" means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked to an identifiable individual, household, or device, or as otherwise defined under Applicable Privacy Laws. Customer and Vinevault acknowledge that, given the categories of records typically stored in Property Management Software accounts (including resident, applicant, owner, vendor, and employee records), Customer Data and Backup Data will routinely contain Personal Information.

"Processing" means any operation or set of operations performed on Personal Information, Customer Data, or Backup Data, including access, collection, copying, retrieval, storage, hosting, encryption, transmission, disclosure, deletion, return, and other use necessary to provide the Services.

"Processor" means the party that processes Personal Information on behalf of a Controller, including any equivalent term under Applicable Privacy Laws such as "service provider" or "contractor" under California privacy law.

"Security Incident" means a breach of Vinevault's security that results in unauthorized access to or acquisition, disclosure, loss, misuse, alteration, or destruction of Customer Data, Backup Data, or Personal Information in Vinevault's possession or control. Security Incident does not include unsuccessful login attempts, pings, port scans, denial-of-service attacks, or other unsuccessful attacks that do not result in unauthorized access to Customer Data, Backup Data, or Personal Information.

"Services" means the Vinevault services described in the Terms of Service and applicable Order.

"Subprocessor" means a third party engaged by Vinevault to process Customer Data, Backup Data, or Personal Information on behalf of Vinevault in connection with the Services.

4. Roles of the Parties

For Customer Data and Backup Data processed by Vinevault on behalf of Customer, Customer is the Controller and Vinevault is the Processor.

For Personal Information that Vinevault collects directly for its own business purposes, such as account administration, billing, website operation, customer relationship management, service communications, legal compliance, and business records, Vinevault acts as an independent Controller. Vinevault's processing of that information is described in the Vinevault Privacy Policy and is not governed by this DPA except where expressly stated.

Customer is responsible for ensuring its use of the Services complies with Applicable Privacy Laws and other applicable laws based on the types of Personal Information stored in Customer's connected Property Management Software account.

5. Subject Matter and Duration of Processing

The subject matter of the Processing is Vinevault's provision of backup, archive, recordkeeping, customer portal, download, notification, support, and related services for Customer.

The duration of Processing begins when Customer connects a Property Management Software account, provides Account Credentials, creates an account, purchases Services, or otherwise makes Customer Data or Personal Information available to Vinevault, and continues until Customer Data and Backup Data are deleted or returned according to the Terms of Service, this DPA, the applicable Order, or written instructions from Customer.

Vinevault may retain limited audit logs and business records as described in the Terms of Service and Privacy Policy.

6. Nature and Purpose of Processing

Vinevault processes Customer Data, Backup Data, and Personal Information only as necessary to:

  • Provide, operate, maintain, secure, and support the Services
  • Connect to Customer's supported Property Management Software account
  • Create, store, host, encrypt, organize, and make available Backup Data
  • Process, encrypt, store, and use Account Credentials solely as necessary to connect to Customer's supported Property Management Software account and perform backup operations
  • Provide customer portal access
  • Provide download access
  • Send backup completion, failure, account, billing, renewal, cancellation, and service notifications
  • Troubleshoot technical, security, account, or support issues
  • Maintain audit logs and service records
  • Detect, prevent, investigate, or respond to security, fraud, abuse, misuse, or unlawful activity
  • Comply with applicable law, legal process, and regulatory obligations
  • Enforce the Terms of Service, this DPA, the applicable Order, and other agreements
  • Protect the rights, property, and safety of Vinevault, Customer, Users, and others

Vinevault will not process Customer Data or Backup Data for purposes unrelated to providing the Services unless required by law or expressly authorized by Customer in writing.

7. Categories of Data Processed

Customer Data and Backup Data may include, depending on what Customer stores in its connected Property Management Software account:

  • Property records
  • Owner records
  • Resident records
  • Applicant records
  • Vendor records
  • Employee or business contact records
  • Lease records
  • Property management agreements
  • Ledgers and transaction history
  • Payment history
  • Maintenance records
  • Inspection records
  • Communications
  • Notes and custom fields
  • Reports
  • Uploaded files and attachments
  • Identity-related records
  • Financial records
  • Screening-related records
  • Accommodation-related records
  • Legal records
  • Other records stored in Customer's connected Property Management Software account

Vinevault does not determine what Customer stores in its Property Management Software account and does not control the categories of Customer Data made available for backup.

8. Categories of Individuals

Customer Data and Backup Data may include Personal Information relating to:

  • Property owners
  • Residents
  • Applicants
  • Prospects
  • Vendors
  • Employees
  • Contractors
  • Guarantors
  • Emergency contacts
  • Business representatives
  • Property management company personnel
  • Other individuals whose information is stored in Customer's connected Property Management Software account

9. Customer Instructions

Customer instructs Vinevault to process Customer Data, Backup Data, and Personal Information only as necessary to provide the Services, comply with this DPA, comply with the Terms of Service, comply with the applicable Order, and follow Customer's documented instructions.

Customer's documented instructions include:

  • The Terms of Service
  • This DPA
  • The Privacy Policy, to the extent applicable
  • Any applicable Order
  • Customer's account settings
  • Customer's selected backup cadence
  • Customer's support requests
  • Customer's written instructions submitted through approved Vinevault support or account channels

Vinevault will process Customer Data and Backup Data according to Customer's documented instructions unless Vinevault is required to do otherwise by applicable law.

If Vinevault believes that an instruction (i) violates applicable law, (ii) creates a material security risk, (iii) exceeds the scope of the Services or is technically infeasible, or (iv) conflicts with a third party system limitation, Vinevault may decline to follow the instruction and will notify Customer where appropriate.

10. Customer Responsibilities

Customer controls the contents of the connected Property Management Software account and determines what Customer Data is made available to Vinevault through that account.

Customer is responsible for:

  • Providing any notices and obtaining any consents, permissions, authorizations, or legal rights required for Vinevault to process Customer Data and Backup Data
  • Ensuring Customer's use of the Services complies with Applicable Privacy Laws and other applicable laws
  • Ensuring Customer has authority to connect its Property Management Software account to Vinevault, and that doing so does not violate Customer's agreements with its Property Management Software provider
  • Responding to privacy rights requests from individuals whose Personal Information is contained in Customer Data or Backup Data
  • Securing and controlling Downloaded Backup Data
  • Managing Customer's Users, account access, Account Credentials, and internal permissions
  • Providing accurate instructions to Vinevault
  • Avoiding the transmission of Account Credentials, full backup files, or other sensitive Customer Data through email or support communications unless necessary for support and requested through an approved Vinevault support process

Customer acknowledges that Vinevault does not provide legal, privacy, compliance, records retention, accounting, tax, tenant screening, fair housing, or consumer reporting advice.

11. Customer Responsibility for Downloaded Backup Data

Once Customer or a User downloads, exports, copies, stores, transfers, prints, shares, or otherwise removes Backup Data from Vinevault-controlled systems, Customer is solely responsible for securing, storing, retaining, using, sharing, deleting, and controlling that Downloaded Backup Data.

Downloaded Backup Data may contain Personal Information, financial records, owner information, resident information, applicant information, vendor information, lease records, communications, documents, attachments, and other sensitive information.

Customer is responsible for protecting Downloaded Backup Data using appropriate safeguards, which may include encryption, password protection, access controls, secure storage, secure transmission methods, device security, internal retention policies, and deletion policies.

Vinevault is not responsible for Downloaded Backup Data after it leaves Vinevault-controlled systems. Vinevault does not control, monitor, retrieve, secure, or delete Downloaded Backup Data after it leaves Vinevault-controlled systems.

12. Vinevault Processing Restrictions

Vinevault does not act as a data broker with respect to Customer Data or Backup Data.

Vinevault will not:

  • Sell Customer Data or Backup Data
  • Share Customer Data or Backup Data for cross-context behavioral advertising
  • Use Customer Data or Backup Data for targeted advertising
  • Use Customer Data or Backup Data for profiling unrelated to the Services
  • Use Customer Data or Backup Data for artificial intelligence or machine learning model training
  • Use Customer Data or Backup Data for resale
  • Use Customer Data or Backup Data for unrelated product development
  • Use Customer Data or Backup Data to provide services to another customer
  • Retain, use, or disclose Customer Data or Backup Data for any purpose other than providing the Services or as otherwise permitted by this DPA, the Terms of Service, the applicable Order, or Applicable Privacy Laws
  • Combine Customer Data or Backup Data with Personal Information received from other customers or third parties except as necessary to provide the Services or as permitted by Applicable Privacy Laws

Vinevault may use aggregated, anonymized, or deidentified information for service improvement, security, reporting, analytics, product development, and business purposes, provided that such information does not identify Customer, any individual, or Customer's properties and cannot reasonably be used to reconstruct Customer Data or Backup Data.

13. Confidentiality

Vinevault will ensure that personnel authorized to process Customer Data, Backup Data, or Personal Information are subject to confidentiality obligations or professional confidentiality duties.

Vinevault will limit access to Customer Data, Backup Data, and Personal Information to personnel and Authorized Subprocessors who need access to provide, secure, maintain, or support the Services, comply with law, or enforce applicable agreements.

14. Security Measures

Vinevault will maintain reasonable administrative, technical, and organizational safeguards designed to protect Customer Data, Backup Data, Account Credentials, and Personal Information against unauthorized access, acquisition, disclosure, loss, misuse, alteration, and destruction.

14.1 Committed Safeguards

Vinevault maintains the following safeguards:

  • Encryption of Account Credentials at rest
  • Encryption of Customer Data and Backup Data at rest
  • TLS encryption for data in transit
  • Per-customer encryption key management through Amazon Web Services Key Management Service (AWS KMS)
  • Storage of Customer Data and Backup Data in United States AWS regions
  • Role-based access controls limiting personnel access to Customer Data and Backup Data on a need-to-know basis
  • Authentication controls for personnel and customer access
  • Audit logging of personnel and system access to Customer Data and Backup Data
  • Documented procedures for responding to suspected Security Incidents
  • Internal confidentiality obligations for personnel with access to Customer Data, Backup Data, or Personal Information

14.2 Additional Measures

Vinevault's security program may also include additional measures appropriate to the nature of the Services, including secure hosting infrastructure, vendor and subprocessor security review, vulnerability management, backup and deletion procedures, and other industry-standard controls.

Vinevault may update its security measures from time to time, provided that updates do not materially reduce the overall security of the Services.

Customer acknowledges that no method of transmission, storage, hosting, encryption, or access control is completely secure.

15. Security Incident Notice

If Vinevault becomes aware of a Security Incident involving Customer Data, Backup Data, or Personal Information in Vinevault's possession or control, Vinevault will notify Customer without unreasonable delay, and in any event within seventy-two (72) hours after Vinevault's confirmation of the Security Incident, except where a longer period is required by law enforcement or required to maintain the integrity of an active investigation.

Notice may be provided by email to the Customer's designated account contact, by customer portal notice, or by other reasonable means.

To the extent known and legally permitted at the time of notice, the notice will include information reasonably available to Vinevault regarding:

  • The nature of the Security Incident
  • The categories of data involved
  • The approximate date or period of the Security Incident
  • The steps Vinevault has taken or plans to take to investigate, mitigate, or remediate the Security Incident
  • Information reasonably needed by Customer to comply with Customer's own legal obligations

Where information is not available at the time of initial notice, Vinevault will provide updates as additional information becomes reasonably available.

Vinevault's notice of or response to a Security Incident is not an admission of fault, liability, or violation of law.

Customer is responsible for determining whether Customer must notify individuals, regulators, property owners, residents, applicants, vendors, employees, or other third parties, unless applicable law requires Vinevault to provide notice directly.

16. Cooperation and Assistance

Taking into account the nature of the Processing and the information available to Vinevault, Vinevault will provide reasonable assistance to Customer as required by Applicable Privacy Laws and as reasonably necessary for Customer to:

  • Respond to privacy rights requests
  • Investigate or respond to Security Incidents
  • Maintain reasonable data security practices
  • Conduct data protection assessments where required by applicable law
  • Comply with applicable controller obligations related to Vinevault's Processing of Customer Data or Backup Data

Vinevault will provide standard assistance described in this DPA at no additional charge. Vinevault may charge reasonable fees, billed at its then-current professional services rates, for assistance described in this Section 16, Section 21 (Legal Holds and Preservation Requests), or Section 27 (Audits and Information Requests) that exceeds the standard functionality of the Services or that requires significant custom exports, technical work, legal review, or professional services. Vinevault will provide a good-faith estimate of any fees before performing the work. Vinevault will not charge fees where prohibited by law or where the work is expressly included in the applicable Order.

17. Privacy Rights Requests

If Vinevault receives a privacy rights request from an individual relating to Customer Data or Backup Data, Vinevault may refer the request to Customer or notify Customer where appropriate.

Vinevault will not respond directly to a privacy rights request relating to Customer Data or Backup Data unless instructed by Customer, required by law, or necessary to protect Vinevault's legal rights.

Customer is responsible for verifying the identity and authority of the requesting individual and determining the appropriate response to any privacy rights request relating to Customer Data or Backup Data.

To the extent Customer cannot respond to a verified privacy rights request using the Services, Vinevault will provide reasonable assistance as required by Applicable Privacy Laws and as technically feasible, subject to Section 16.

18. Subprocessors

Customer authorizes Vinevault to engage Authorized Subprocessors to process Customer Data, Backup Data, and Personal Information as necessary to provide the Services.

Vinevault maintains a current list of its primary Authorized Subprocessors at https://vinevault.io/subprocessors (the "Subprocessor List"). The Subprocessor List identifies each Authorized Subprocessor, the nature of the services provided, and the location of processing. The Subprocessor List is incorporated by reference into this DPA.

Vinevault will require Authorized Subprocessors that process Customer Data, Backup Data, or Personal Information on Vinevault's behalf to enter into written agreements imposing data protection obligations no less protective than those required by Applicable Privacy Laws and appropriate to the nature of the services provided.

Vinevault remains responsible for the performance of its Authorized Subprocessors to the extent required by Applicable Privacy Laws and this DPA.

19. Subprocessor Changes

Vinevault may add, replace, or remove Authorized Subprocessors from time to time.

Vinevault will provide at least thirty (30) days' advance notice of material new Subprocessors that will process Customer Data or Backup Data. Notice may be provided by updating the Subprocessor List at https://vinevault.io/subprocessors, by email to the Customer's designated account contact, by customer portal notice, or by other reasonable means. Customer is responsible for subscribing to or monitoring the Subprocessor List notification mechanism made available by Vinevault.

Customer may object to a new Subprocessor by providing written notice to Vinevault within thirty (30) days after Vinevault provides notice of the new Subprocessor. Customer's objection must explain the reasonable privacy, security, or legal basis for the objection.

If Customer reasonably objects, Vinevault will use commercially reasonable efforts to address the objection, which may include providing additional information, modifying the Services where feasible, or using an alternative Subprocessor where commercially reasonable.

If Vinevault cannot, within a reasonable time, accommodate Customer's reasonable objection, Customer may terminate the affected Services by providing written notice to Vinevault within thirty (30) days after Vinevault's response. In that event, Vinevault will refund Customer a pro-rata portion of any prepaid fees attributable to the terminated Services for the period after the termination effective date. Termination and refund under this Section 19 are Customer's sole and exclusive remedies for Vinevault's engagement of a new Subprocessor over Customer's objection.

20. Return and Deletion

Upon cancellation, expiration, or termination of Customer's subscription, Customer may retain access to the client portal and Backup Data for the post-cancellation access period described in the Terms of Service or applicable Order, unless earlier deletion is requested in writing and legally permissible.

After the applicable access period ends, Vinevault will delete Customer's account, Backup Data, and Account Credentials from active production systems within sixty (60) days, in accordance with the Terms of Service and Vinevault's standard deletion procedures.

Customer may request earlier deletion in writing. Vinevault will process deletion requests in accordance with applicable law, technical feasibility, contractual obligations, security requirements, and the Terms of Service.

Customer is responsible for downloading any Backup Data it wishes to retain before deletion.

After deletion, Vinevault may retain limited audit logs and business records showing that an account previously existed, subscription activity occurred, backups were performed, deletion occurred, or communications were sent. These audit logs and business records are retained for security, legal, accounting, dispute resolution, and compliance purposes and are not used to recreate Backup Data.

Some deleted information may remain in encrypted backups or archival systems for a limited period (not to exceed ninety (90) days following deletion from active production systems) until those backups are overwritten or deleted according to Vinevault's standard backup retention practices.

21. Legal Holds and Preservation Requests

Vinevault does not provide legal hold, litigation hold, regulatory preservation, eDiscovery, records custodian, or archival compliance services unless expressly agreed in a signed written agreement.

Customer is responsible for identifying, preserving, exporting, downloading, and retaining any records subject to litigation hold, audit, investigation, subpoena, regulatory inquiry, insurance claim, dispute, or other preservation obligation.

If Customer requires Vinevault to preserve specific Customer Data or Backup Data beyond the standard retention period, Customer must provide written instructions before deletion occurs. Vinevault may decline preservation requests that exceed the scope of the Services, are technically infeasible, create security risk, or conflict with law.

Vinevault may charge fees for preservation assistance as described in Section 16.

22. Deidentified, Aggregated, or Anonymized Data

Vinevault may create and use deidentified, aggregated, or anonymized information derived from use of the Services for service improvement, security, reporting, analytics, product development, and business purposes.

Vinevault will maintain and use deidentified information in deidentified form and will not attempt to reidentify it except as permitted by Applicable Privacy Laws.

Vinevault will not use deidentified, aggregated, or anonymized Customer Data or Backup Data to train artificial intelligence or machine learning models.

23. Customer Data Disclosure Restrictions

Vinevault will not disclose Customer Data or Backup Data to third parties except:

  • To Authorized Subprocessors as necessary to provide the Services
  • As instructed by Customer
  • As required by applicable law, subpoena, court order, governmental request, or legal process
  • As reasonably necessary to investigate or respond to a Security Incident, fraud, abuse, misuse, or unlawful activity affecting the Services
  • As reasonably necessary to protect the rights, property, or safety of Vinevault, Customer, Users, individuals, or others where a good-faith belief of imminent risk exists
  • As otherwise permitted by this DPA, the Terms of Service, applicable Order, or Applicable Privacy Laws

Where legally permitted, Vinevault will use commercially reasonable efforts to notify Customer of legal requests for Customer Data or Backup Data before disclosure, and will provide Customer a reasonable opportunity to seek a protective order or other appropriate remedy.

24. Compliance with Laws

Each party will comply with Applicable Privacy Laws to the extent those laws apply to that party's role and obligations under this DPA.

Customer is responsible for compliance with laws applicable to Customer's collection, use, storage, retention, disclosure, deletion, and other processing of Customer Data, Backup Data, and Downloaded Backup Data.

Vinevault is responsible for compliance with laws applicable to Vinevault's Processing of Customer Data and Backup Data as Processor under this DPA.

Nothing in this DPA is intended to limit, waive, or override any rights or protections that apply under applicable law and cannot legally be waived.

25. Sensitive and Regulated Information

Customer acknowledges that Customer Data and Backup Data may include sensitive or regulated information, including consumer reports, tenant screening records, credit information, background check records, accommodation-related records, financial records, identity-related records, legal records, protected-class information, or other sensitive information.

Customer is responsible for determining whether Customer Data includes sensitive or regulated information and whether Customer's use of the Services is appropriate for that information.

Customer is responsible for complying with laws that apply to Customer's collection, use, disclosure, storage, retention, deletion, and other processing of sensitive or regulated information, including any fair housing, tenant screening, consumer reporting, credit reporting, adverse action, financial privacy, identity theft, breach notification, and records retention obligations that apply to Customer.

Vinevault does not intentionally request that Customer provide sensitive or regulated information except to the extent such information is included in Customer Data made available through Customer's connected Property Management Software account.

26. Account Credentials

Customer may provide Account Credentials so Vinevault's automated systems can connect to Customer's supported Property Management Software account and create Backup Data.

Vinevault will use Account Credentials only to provide the Services, troubleshoot issues, comply with law, enforce applicable agreements, and protect the rights, property, and safety of Vinevault, Customer, Users, and others.

Account Credentials are encrypted immediately upon receipt and are not stored by Vinevault in readable form. Vinevault personnel cannot view or retrieve previously entered Account Credentials.

Account Credentials are used by automated systems to perform backup operations. Customer acknowledges that Account Credentials may exist in readable form only during automated processing necessary to perform a backup operation.

Customer is responsible for providing valid Account Credentials, maintaining access to the connected Property Management Software account, and ensuring Customer's use of Vinevault does not violate any agreement with the Property Management Software provider.

Vinevault will never ask Customer to send Account Credentials by email.

27. Audits and Information Requests

Upon Customer's reasonable written request, and not more than once per twelve (12) month period (except in connection with a confirmed Security Incident affecting Customer or where additional requests are required by Applicable Privacy Laws), Vinevault will provide information reasonably necessary to demonstrate Vinevault's compliance with this DPA, taking into account the nature of the Services, Vinevault's security obligations, confidentiality obligations, and the sensitivity of other customers' data.

Vinevault may satisfy this obligation by providing summaries of security practices, completed security questionnaires, written policies, third party certifications or attestation reports (such as SOC 2 reports, if and when available), written responses, or other reasonable documentation.

Customer may not conduct onsite audits, penetration testing, vulnerability testing, system scans, or technical reviews of Vinevault systems without Vinevault's prior written consent.

Any audit or information request must be limited to Vinevault's Processing of Customer Data and Backup Data and may not compromise Vinevault's security, confidentiality, operations, or other customers' information. Information provided in response to an audit request is Vinevault's confidential information and may be used only to assess compliance with this DPA.

Vinevault may charge fees for audit assistance as described in Section 16.

28. International Use

The Services are designed for and intended for use within the United States. Customer Data and Backup Data are stored in United States AWS regions as described in Section 14. Unless otherwise stated in a signed written agreement, Vinevault does not represent that the Services are designed to comply with privacy or data protection laws outside the United States.

Customer is responsible for determining whether Customer's use of the Services from outside the United States, or with data subject to laws outside the United States, is lawful and appropriate.

29. Limitation of Liability

The limitation of liability in the Terms of Service applies to this DPA and to any claims arising out of or related to this DPA, regardless of the form of action.

Nothing in this DPA expands Vinevault's liability beyond the limitations stated in the Terms of Service unless expressly required by applicable law or agreed in a signed written agreement.

30. Term and Termination

This DPA begins on the effective date of the Terms of Service, applicable Order, or Customer's use of the Services, whichever occurs first.

This DPA remains in effect for as long as Vinevault processes Customer Data, Backup Data, or Personal Information on behalf of Customer.

Termination or expiration of this DPA does not affect obligations that by their nature should survive, including confidentiality, deletion, audit logs, legal compliance, Security Incident cooperation, and limitations on use of Customer Data and Backup Data.

31. Contact Us

If you have questions about this DPA or Vinevault's data processing practices, please contact us at:

Vinevault, LLC
[Mailing Address — to be added before publication]
support@vinevault.io