Swan Power Dialer

Data Processing Addendum

Last updated: 17 July 2026

This Data Processing Addendum ("DPA") forms part of the Terms of Service between the Customer ("Controller") and Vyxr Labs FZE ("Processor") for Swan Power Dialer (the "Service"). It applies to the extent the Processor processes Personal Data on the Controller's behalf and where data protection laws such as the EU/UK GDPR apply. Capitalised terms not defined here have the meaning given in applicable data protection law.

1. Roles

The Controller determines the purposes and means of processing the contact data it uses in the Service. The Processor processes such Personal Data only on the Controller's documented instructions (including as set out in the Terms and this DPA) to provide the Service.

2. Subject-matter and details of processing

Subject-matterProviding the Swan Power Dialer service within the Controller's GoHighLevel account.
Nature & purposeApplying tags, saving notes, and updating custom fields on contacts when a rep records a call disposition; authenticating users; producing minimised usage analytics.
DurationFor as long as the app is installed, plus the retention periods in the Privacy Policy.
Categories of data subjectsThe Controller's contacts/leads and the Controller's own users (reps).
Categories of Personal DataContact identifiers (name, phone, email), tags, and custom-field values processed in transit; user name/email/role; sub-account identifiers. As stated in the Privacy Policy, the Processor does not retain contact note text or custom-field values at rest.

3. Processor obligations

The Processor will:

4. Sub-processors

The Controller authorises the Processor to engage sub-processors to provide the Service. Current sub-processors:

Sub-processorPurposeLocation
RailwayApplication hosting and encrypted databaseUnited States
HighLevel (GoHighLevel / LeadConnector)Underlying platform and billingUnited States

The Processor will impose data-protection obligations on sub-processors substantially similar to those in this DPA and remains responsible for their performance. The Processor will give notice (e.g. by updating this page) of intended changes to sub-processors, and the Controller may object on reasonable data-protection grounds.

5. Security measures

6. International transfers

The Processor operates from the UAE and uses sub-processors in the United States. Where transfers of Personal Data from the EEA/UK are subject to transfer requirements, the parties agree that appropriate safeguards (such as the European Commission's Standard Contractual Clauses, and the UK Addendum where relevant) apply and are incorporated by reference, with Vyxr Labs FZE as "data importer".

7. Audit

The Processor will make available information reasonably necessary to demonstrate compliance with this DPA and will allow for and contribute to audits, including by responding to reasonable written information requests, subject to confidentiality and no more than once per year absent a specific concern or legal requirement.

8. Controller responsibilities

The Controller warrants that it has a lawful basis and all necessary consents and rights for the Personal Data it processes through the Service, that its instructions comply with applicable law, and that it is responsible for the legality of its communications and contact of data subjects (see Terms, Section 5).

9. Liability

Each party's liability under this DPA is subject to the limitations and exclusions of liability in the Terms.

10. Term and contact

This DPA continues while the Processor processes Personal Data on the Controller's behalf. Data-protection queries: support@vyxrlabs.com, Vyxr Labs FZE, Sharjah Publishing City Free Zone, Sharjah, UAE.