Skip to content
Contact us
 

cocorev policies

TClear policies for a privacy-first CRM workflow: GDPR, Data Processing, Legal Notices, and Terms & Conditions, kept simple and practical.
 
 

Data Processing Agreement

Effective Date: August 25, 2025
Company: cocorev  
Website: https://www.cocorev.com  
Contact: legal@cocorev.com

Introduction

This Data Processing Agreement (DPA) explains how cocorev processes your data when you use our coselling platform. We're committed to transparency and protecting your information according to data protection laws.

Who We Are

cocorev acts as a Data Processor when we:
- Store and process your company data
- Manage your HubSpot integrations
- Facilitate partner connections
- Handle account mapping and overlap detection

You are the Data Controller - you decide what data to share and how it's used.

What Data We Process

 Company Information
- Business Details: Company name, industry, size, location
- Contact Information: Email addresses, phone numbers, addresses
- HubSpot Data: Company records, contact lists, custom properties

 User Information
- Account Details: Login credentials, profile information
- Usage Data: How you interact with our platform
- Communication: Support requests, feedback, messages

 Partner Relationship Data
- Connection Information: Which companies you're partnered with
- Overlap Data: Companies that appear in multiple partner portals
- Collaboration History: Partnership activities and outcomes

How We Process Your Data

Purpose of Processing
We process your data to:
- Provide Services: Connect you with potential partners and manage relationships
- Improve Platform: Understand usage patterns to enhance features
- Ensure Security: Protect your account and prevent unauthorized access
- Comply with Law: Meet legal and regulatory requirements

 Processing Methods
- Automated Processing: Account mapping, overlap detection, partner suggestions
- Manual Processing: Support requests, account management, partnership facilitation
- Analytics: Usage statistics, performance metrics, feature optimization

 Data Sources
- Direct Input: Information you provide when setting up your account
- HubSpot Integration: Data accessed through your OAuth authorization
- Partner Connections: Information shared by your business partners
- Platform Usage: Data generated as you use our services

Data Security Measures

 Technical Safeguards
- Encryption: All data encrypted in transit and at rest
- Access Controls: Role-based permissions and authentication
- Network Security: Firewalls, intrusion detection, and monitoring
- Regular Updates: Security patches and vulnerability management

 Organizational Safeguards
- Employee Training: Regular security awareness training
- Access Policies: Limited access to authorized personnel only
- Background Checks: Employee screening and verification
- Confidentiality Agreements: All staff sign data protection commitments

 Physical Safeguards
- Data Centers: Secure, monitored facilities
- Environmental Controls: Climate control, fire suppression, backup power
- Access Logs: Comprehensive entry and exit monitoring
- Disaster Recovery: Backup systems and recovery procedures

Data Storage and Retention

 Where We Store Data
- Primary Storage: Firebase (Google Cloud Platform)
- Backup Storage: Secure cloud backup services
- Processing Locations: [List your data processing locations]

 How Long We Keep Data
- Active Accounts: Data retained while you use our services
- Inactive Accounts: Data deleted after 2 years of inactivity
- Legal Requirements: Some data may be retained longer if required by law
- Backup Data: Securely deleted according to retention schedules

 Data Deletion
- Account Closure: Data deleted within 30 days of account closure
- User Request: Data deleted within 30 days of deletion request
- Legal Obligation: Data retained if required by law or regulation
- Verification: We verify deletion and provide confirmation

Data Sharing and Transfers

 Internal Sharing
- Authorized Personnel: Only staff who need access for their role
- Limited Scope: Access only to data necessary for their function
- Audit Logs: All access is logged and monitored
- Training Requirements: Staff must complete data protection training

 External Sharing
- With Your Consent: Partner companies only with your explicit permission
- Service Providers: Third-party services under strict data protection agreements
- Legal Requirements: When required by law or to protect rights
- Business Transfers: In case of company sale or merger (with notice)

 International Transfers
- Data Location: Your data may be processed in [list countries]
- Protection Measures: Standard Contractual Clauses and adequacy decisions
- Your Rights: You can request information about data transfer locations
- Compliance: All transfers comply with applicable data protection laws

Your Rights and Control

 Access and Information
- Data Overview: See what data we have about you
- Processing Details: Understand how and why we process your data
- Third-Party Sharing: Know who we share your data with
- Retention Periods: Understand how long we keep your data

 Control and Modification
- Update Data: Correct inaccurate or incomplete information
- Restrict Processing: Limit how we use your data
- Data Portability: Download your data in a machine-readable format
- Object to Processing: Say no to certain types of data use

 Deletion and Withdrawal
- Delete Account: Remove your account and all associated data
- Withdraw Consent: Change your mind about data processing
- Right to be Forgotten: Request complete data deletion
- Verification: We'll confirm when deletion is complete

Data Breach Procedures

 Incident Response
1. Immediate Assessment - Investigate within 24 hours
2. Containment - Stop the breach and prevent further access
3. Notification - Inform affected users within 72 hours
4. Regulatory Reporting - Report to authorities as required
5. Remediation - Fix vulnerabilities and improve security

 Communication Plan
- User Notification: Clear, timely communication about incidents
- Regulatory Reporting: Compliance with legal notification requirements
- Public Disclosure: Transparent communication when appropriate
- Support Services: Help for affected users

 Prevention Measures
- Security Audits: Regular assessment of our security measures
- Vulnerability Testing: Ongoing security testing and penetration testing
- Employee Training: Regular security awareness and best practices
- Incident Learning: Continuous improvement based on lessons learned

Compliance and Auditing

 Legal Compliance
- GDPR Compliance: Full compliance with European data protection law
- Local Laws: Compliance with applicable local data protection laws
- Industry Standards: Following best practices and industry standards
- Regular Reviews: Ongoing compliance monitoring and updates

 Audit Rights
- Your Audits: You can audit our data processing activities
- Third-Party Audits: Independent security and compliance audits
- Regulatory Audits: Cooperation with government audits and inspections
- Transparency: Full cooperation and documentation during audits

 Certifications
- Security Certifications: [List any security certifications you have]
- Privacy Certifications: [List any privacy certifications you have]
- Industry Standards: Compliance with relevant industry standards
- Regular Renewal: Ongoing certification maintenance

 Subprocessors and Third Parties

 Our Subprocessors
We use these trusted service providers:
- Firebase/Google Cloud: Data storage and authentication
- HubSpot: CRM integration and data access
- Cloud Services: Hosting and processing infrastructure
- Support Tools: Customer service and analytics platforms

 Subprocessor Requirements
- Data Protection Agreements: All subprocessors sign DPAs
- Security Standards: Subprocessors must meet our security requirements
- Audit Rights: We can audit our subprocessors
- Breach Notification: Subprocessors must notify us of security incidents

 Your Approval
- New Subprocessors: We'll notify you before adding new subprocessors
- Objection Rights: You can object to new subprocessors
- Alternative Solutions: We'll work to find acceptable alternatives
- Transparency: Full disclosure of all subprocessor relationships

Changes to This Agreement

 How We Update
We may update this DPA to:
- Reflect Changes: New services, features, or processing activities
- Comply with Law: Meet new legal or regulatory requirements
- Improve Clarity: Make our data processing practices clearer
- Enhance Security: Implement improved security measures

 Notification Process
- Advance Notice: We'll notify you 30 days before changes take effect
- Significant Changes: Major changes require your explicit consent
- Minor Updates: Administrative changes may take effect immediately
- Communication Methods: Email, website, and in-app notifications

 Your Rights
- Accept Changes: Continue using our services under new terms
- Reject Changes: Stop using our services if you don't agree
- Negotiation: Discuss concerns and find mutually acceptable solutions
- Transition Period: Reasonable time to adjust to changes

Contact and Support

Emergency Contacts
Security Incidents: security@cocorev.com
Legal Matters: legal@cocorev.com
General Support: support@cocorev.com

Dispute Resolution

 Preferred Resolution
We prefer to resolve issues through:
1. Direct Communication - Let's talk it out first
2. Escalation - Work with management teams
3. Mediation - Use a neutral third party
4. Legal Action - As a last resort

 Governing Law
This agreement is governed by Irish law.

 Jurisdiction
Any legal proceedings will take place in Ireland.

*This DPA is designed to be comprehensive yet understandable. We believe in transparency and want you to know exactly how we protect and process your data. If you have questions, please don't hesitate to reach out.*