Skip to content

Legal document

Data Processing Agreement (DPA)

Effective: 15 July 2026Last updated: 17 July 2026

Contractual addendum for professionals where Rexly processes client data under GDPR Article 28.

The Slovak version is legally authoritative. This translation is provided for information.

1. Introduction and parties

This DPA forms part of the Terms under GDPR Article 28. The professional is controller of client data; Rexly is processor and acts only on documented instructions.

Rexly s. r. o. Registered office: Račianska 14350/64B, 831 03 Bratislava, Slovak Republic Company ID: 57 516 812 · Tax ID: 2122791220 · VAT ID: SK2122791220 Commercial Register of the Bratislava III Municipal Court, Section Sro, Insert No. 197507/B Email: support@trely.eu · privacy: privacy@trely.eu Web: https://trely.eu

2. Subject, purpose and duration

Purposes include client records, plans, calendar, chat, photos, technical operation, security, backup and recovery. Processing lasts for the account or until deletion instruction; backups rotate within 30 days.

3. People and data categories

Data subjects: clients, prospects and the professional’s contacts. Data: identity, contact, bookings, communications, plans, measurements, photos, fitness or health data and technical logs.

4. Rexly obligations

Rexly follows instructions, binds personnel to confidentiality, secures data under Article 32, assists with rights and Articles 32–36, reports breaches, deletes or returns data after service, and provides compliance information.

5. Subprocessors

Approved subprocessors: Supabase, RevenueCat, Apple, Google, Resend, Expo, Sentry, PostHog and Vercel, limited to their functions. Stripe is added only when direct billing is explicitly enabled. Rexly imposes equivalent duties and gives advance notice of intended changes.

6. Security and transfers

Security includes TLS, encryption at rest, storage and database policies, least privilege, monitoring, backup and recovery. EEA transfers rely on the DPF or SCCs under GDPR Chapter V.

7. Personal-data breaches

Rexly notifies a breach without undue delay and supplies available facts and reasonable assistance for GDPR Articles 33 and 34.

8. Term, precedence and audit

The DPA applies with the Terms throughout processing and prevails for client-data conflicts. The professional may request information and a proportionate audit that does not compromise other users’ security.

Rexly s.r.o.17 July 2026
Data Processing Agreement · Trely