← Back to Routella

Data Processing Agreement

Last updated: May 12, 2026

This Data Processing Agreement ("DPA") forms part of the Terms of Servicebetween Routella (the "Processor") and the merchant using Routella (the "Controller"). It applies whenever Routella processes personal data on behalf of the merchant, including personal data of the merchant's end customers and drivers.

1. Roles

The merchant is the data controller: they decide why and how personal data of their end customers is processed. Routella is the data processor: we process that personal data only on the merchant's documented instructions, which are reflected in the merchant's use of Routella's features (e.g. enabling WhatsApp notifications, importing from a Shopify store).

2. Subject Matter, Duration, and Purpose

  • Subject matter: delivery management — order import, route optimization, dispatch, driver coordination, customer notifications, tracking.
  • Duration: for the lifetime of the merchant's Routella account, plus any retention windows in section 9.
  • Purpose: providing the Routella service as described in the Terms of Service.
  • Categories of data subjects: the merchant's end customers; the merchant's drivers; the merchant's own staff users.
  • Categories of personal data: name, postal address, email, phone number, order details, delivery status, driver GPS location during active rounds.

3. Processor Obligations

Routella commits to:

  • Process personal data only on the merchant's documented instructions.
  • Ensure that personnel with access to personal data are bound by confidentiality.
  • Implement the technical and organizational measures described in our Security and Compliance page and summarized in section 6 below.
  • Assist the merchant with data subject requests, data protection impact assessments, and breach notifications.
  • Return or delete personal data at the end of the engagement, except where retention is required by law.
  • Make available the information needed to demonstrate compliance and allow reasonable audits.

4. Sub-processors

The merchant authorizes Routella to engage the following sub-processors:

  • MongoDB Atlas — managed database (data storage). Encrypted at rest and in transit.
  • Vercel — application hosting and TLS termination.
  • Infobip — SMS and WhatsApp transactional message delivery.
  • WAHA Plus — alternate WhatsApp transport.
  • Resend — transactional email delivery.
  • OpenStreetMap (Nominatim, Photon) — address geocoding (address only).
  • Anthropic — translation of UI strings and message templates (no order data).
  • Shopify — for Shopify-connected merchants, order sync and Shopify Billing.
  • WooCommerce, Wix, Salesforce, Monday, and other connected platforms — only where the merchant has connected the integration.

Routella will notify the merchant via email and an in-app notice at least 14 days before adding or replacing a sub-processor. The merchant may object to a new sub-processor in writing; if the objection cannot be resolved, the merchant may terminate the affected service.

5. International Transfers

Where personal data is transferred outside the EEA, the transfer relies on the EU's Standard Contractual Clauses (Module Two — controller to processor), the adequacy decision for Israel, or another lawful transfer mechanism.

6. Security Measures

Summary of technical and organizational measures (full details on the Security page):

  • Encryption in transit: HTTPS / TLS 1.2+ on every endpoint, including merchant API, customer tracking pages, and sub-processor calls.
  • Encryption at rest: AES-256 on the primary database and on backups, plus an additional AES-256-GCM field-level layer on integration credentials.
  • Access control: staff access requires SSO with mandatory multi-factor authentication; access to personal data is granted on a documented need-to-know basis.
  • Authentication: minimum 10-character passwords (letters and digits required, common passwords rejected), rate-limited login, signed JWT sessions, hashed reset tokens.
  • Audit logging: sign-in events, personal-data record reads, and admin actions are logged with timestamp, IP hash, and user agent.
  • Environment separation: production and non-production are isolated — separate Vercel projects, separate MongoDB clusters, separate secrets, no shared credentials.
  • Backups: continuous backups with point-in-time restore. Backups are encrypted with the same standard as primary storage and are tested.
  • Vulnerability management: dependency scanning, automatic security patching of the hosting platform, and security review of code changes before production.

7. Personal Data Breach

If Routella becomes aware of a personal data breach affecting the merchant, we will notify the merchant without undue delay, and in any case within 72 hours of becoming aware. The notification will describe the nature of the breach, the categories of data subjects and records concerned, the likely consequences, and the measures taken or proposed to address it.

8. Data Subject Requests

Routella will, at the merchant's request and cost, provide reasonable assistance in fulfilling requests from data subjects (access, rectification, deletion, restriction, portability, objection). The merchant can also perform many of these actions directly through the Routella dashboard.

9. Retention and Deletion

During the engagement, personal data is retained per the windows described in our Privacy Policy. On termination of the agreement, Routella will delete personal data within 30 days, unless retention is required by law (e.g. billing records for up to 7 years).

10. Liability

Each party's liability under this DPA is subject to the limitations of liability in the Terms of Service. Nothing in this DPA limits a data subject's statutory rights.

11. Acceptance

By using Routella, the merchant accepts this DPA. A countersigned copy is available on request from support@routella.app.