Data Processing Addendum

This Data Processing Addendum (“DPA”) describes how Solvren processes personal data on behalf of customers who use the service in a business capacity. It is intended to align with common expectations under privacy regulations when Solvren acts as a processor. Your master subscription agreement or order form may incorporate this DPA by reference or include a superseding data protection exhibit.

Roles. For customer-submitted personal data processed to provide the service, the customer is typically the controller and Solvren is the processor. Solvren may act as a controller for limited operational data (such as account contact information for billing).

Processing instructions. Solvren processes personal data only on documented instructions from the customer, including through configuration of the product and integrations the customer enables.

Subprocessors. The customer authorizes Solvren to engage subprocessors subject to equivalent data protection obligations. Customers will be notified of material subprocessor changes as described in the agreement or product notices.

Security. Solvren implements technical and organizational measures appropriate to the risk, as summarized in our Security and Trust materials.

Assistance. Solvren assists customers, taking into account the nature of processing, with responding to data subject requests and with impact assessments where required by law and contract.

Deletion and return. Upon termination of services, Solvren deletes or returns personal data in accordance with the agreement and product capabilities, subject to legal retention requirements.

For a countersigned DPA or enterprise-specific terms, contact your Solvren representative or use our contact page.