Data Processing Addendum
1. Scope and Relationship to Terms
This Data Processing Addendum ("DPA") is incorporated into the Terms of Service, online checkout flow, or other master agreement between ServQore LLC ("ServQore") and the subscribing business ("Customer"). It governs processing of personal data ServQore handles on Customer's instructions, including website form submissions, chat and voice sessions with Customer's visitors, and operational logs linked to those activities. Where this DPA and the Terms conflict on data protection matters, this DPA prevails for those matters only.
ServQore determines its own purposes and means of processing for prospect outreach, servqore.com analytics, and account administration (acting as a business or controller). For data Customer collects through a hosted site or enabled AI features, ServQore acts as a service provider or processor. The Privacy Policy describes this dual role.
2. Roles of the Parties
With respect to Customer Data processed through the Service, Customer is the controller or "business" that decides why and how personal data is used, including site content, enabled features, lead handling, and retention of exported copies. ServQore processes Customer Data solely to deliver and secure the Service, follow Customer's documented directions, meet legal obligations, and perform contractual duties.
3. Processing Details
- Subject matter: hosted websites, domain services, lead capture, AI assistants, customer portal access, and supporting infrastructure.
- Duration: active subscription term plus export, backup, and statutory retention windows described in the agreement and Data Retention Policy.
- Processing activities: hosting, transmission, display, transcription, automated response generation, authentication, audit logging, customer support, invoicing, and security monitoring.
- Data subjects: Customer personnel, website visitors, telephone callers, and individuals who submit forms or messages through Customer's ServQore properties.
- Data elements: contact details, message bodies, call metadata, audio recordings, transcripts, device and network identifiers, and system logs.
4. Customer Obligations
Customer is responsible for:
- Providing lawful instructions to ServQore
- Having all rights, notices, and consents needed to collect and process Customer Data
- Maintaining its own privacy notices, customer notices, and consent records for site visitors and callers
- Responding to privacy requests from data subjects where Customer is the controller or business
- Configuring permissions, AI intake settings, exports, and deletion workflows appropriately
- Using the Service in compliance with applicable privacy, communications, consumer protection, and recordkeeping laws
5. ServQore Obligations
ServQore will:
- Process Customer Data only on Customer's documented instructions, unless required by law
- Ensure personnel authorized to process Customer Data are subject to confidentiality obligations
- Maintain reasonable administrative, technical, and organizational security measures
- Assist Customer with data subject requests, security incidents, and privacy assessments where required and reasonably possible
- Make available information reasonably necessary to demonstrate compliance with this DPA
- Delete or return Customer Data after termination according to the agreement, Data Retention Policy, backup cycles, and legal retention requirements
6. Security Measures
ServQore's security program includes reasonable measures such as TLS encryption in transit, provider-supported encryption at rest, role-based access controls, authentication and authorization controls, logging and monitoring, restricted administrative access to production systems, backup and recovery processes, vendor review for key subprocessors, and incident response procedures. Customer is responsible for its own user access reviews, endpoint security, passwords, device controls, exported data, and internal policies.
7. Subprocessors
Customer gives ServQore general authorization to use subprocessors needed to provide the Service. ServQore's current subprocessor list is published at subprocessors.html. ServQore will impose written obligations on subprocessors that are materially similar to the data protection obligations in this DPA. ServQore remains responsible for subprocessors' performance of their data processing obligations to the extent required by applicable law. ServQore will provide notice of material subprocessor changes by updating the subprocessor page and, where reasonable, emailing the primary account contact.
8. International Transfers
ServQore is based in the United States and primarily processes data in the United States. Where Customer Data is transferred from the EEA, United Kingdom, or Switzerland to a country that does not provide an adequate level of protection, the parties will use legally recognized transfer mechanisms where required. Customer may request applicable transfer annexes by emailing [email protected].
9. Data Subject Requests
If ServQore receives a privacy request relating to Customer Data, ServQore may direct the requester to Customer unless applicable law requires otherwise. Customer is responsible for responding to requests where Customer is the controller or business. ServQore will provide reasonable assistance using available product tools and support channels. For visitor requests forwarded to Customer, ServQore will notify Customer within five (5) business days and Customer should respond to the requester within the timeframe required by applicable law.
10. Security Incidents
ServQore will notify Customer without undue delay after confirming a security incident affecting Customer Data in ServQore's systems, where required by law or agreement. Customer is responsible for any notices to its own users, customers, regulators, or third parties unless law assigns that obligation to ServQore.
11. Return and Deletion
Customer may export Customer Data using available product tools or request reasonable support. After termination, ServQore generally provides a limited export period before deleting Customer Data from active systems. Deletion from backups, provider logs, and disaster recovery systems occurs through ordinary backup rotation and retention cycles. ServQore may retain limited records where required for legal, tax, security, fraud prevention, billing, dispute, or compliance purposes.
12. Contact and Signature Requests
To request a countersigned DPA, email [email protected] with:
- Customer legal entity name
- Billing account email
- Signatory name and title
- Whether GDPR, UK GDPR, CCPA, or another law is the driver
- Any required vendor portal link or deadline
ServQore LLC, Atlanta, GA, USA
Related documents: Legal Center, Subprocessors.