Last Updated: June 16, 2026

Data Processing Addendum

1. Scope and Relationship to Terms

This Data Processing Addendum ("DPA") is incorporated into the Terms of Service, online checkout flow, or other master agreement between ServQore LLC ("ServQore") and the subscribing business ("Customer"). It governs processing of personal data ServQore handles on Customer's instructions, including website form submissions, chat and voice sessions with Customer's visitors, and operational logs linked to those activities. Where this DPA and the Terms conflict on data protection matters, this DPA prevails for those matters only.

ServQore determines its own purposes and means of processing for prospect outreach, servqore.com analytics, and account administration (acting as a business or controller). For data Customer collects through a hosted site or enabled AI features, ServQore acts as a service provider or processor. The Privacy Policy describes this dual role.

2. Roles of the Parties

With respect to Customer Data processed through the Service, Customer is the controller or "business" that decides why and how personal data is used, including site content, enabled features, lead handling, and retention of exported copies. ServQore processes Customer Data solely to deliver and secure the Service, follow Customer's documented directions, meet legal obligations, and perform contractual duties.

3. Processing Details

4. Customer Obligations

Customer is responsible for:

5. ServQore Obligations

ServQore will:

6. Security Measures

ServQore's security program includes reasonable measures such as TLS encryption in transit, provider-supported encryption at rest, role-based access controls, authentication and authorization controls, logging and monitoring, restricted administrative access to production systems, backup and recovery processes, vendor review for key subprocessors, and incident response procedures. Customer is responsible for its own user access reviews, endpoint security, passwords, device controls, exported data, and internal policies.

7. Subprocessors

Customer gives ServQore general authorization to use subprocessors needed to provide the Service. ServQore's current subprocessor list is published at subprocessors.html. ServQore will impose written obligations on subprocessors that are materially similar to the data protection obligations in this DPA. ServQore remains responsible for subprocessors' performance of their data processing obligations to the extent required by applicable law. ServQore will provide notice of material subprocessor changes by updating the subprocessor page and, where reasonable, emailing the primary account contact.

8. International Transfers

ServQore is based in the United States and primarily processes data in the United States. Where Customer Data is transferred from the EEA, United Kingdom, or Switzerland to a country that does not provide an adequate level of protection, the parties will use legally recognized transfer mechanisms where required. Customer may request applicable transfer annexes by emailing [email protected].

9. Data Subject Requests

If ServQore receives a privacy request relating to Customer Data, ServQore may direct the requester to Customer unless applicable law requires otherwise. Customer is responsible for responding to requests where Customer is the controller or business. ServQore will provide reasonable assistance using available product tools and support channels. For visitor requests forwarded to Customer, ServQore will notify Customer within five (5) business days and Customer should respond to the requester within the timeframe required by applicable law.

10. Security Incidents

ServQore will notify Customer without undue delay after confirming a security incident affecting Customer Data in ServQore's systems, where required by law or agreement. Customer is responsible for any notices to its own users, customers, regulators, or third parties unless law assigns that obligation to ServQore.

11. Return and Deletion

Customer may export Customer Data using available product tools or request reasonable support. After termination, ServQore generally provides a limited export period before deleting Customer Data from active systems. Deletion from backups, provider logs, and disaster recovery systems occurs through ordinary backup rotation and retention cycles. ServQore may retain limited records where required for legal, tax, security, fraud prevention, billing, dispute, or compliance purposes.

12. Contact and Signature Requests

To request a countersigned DPA, email [email protected] with:

ServQore LLC, Atlanta, GA, USA

Related documents: Legal Center, Subprocessors.