Data Processing Addendum (DPA) — Summary

Effective: October 1, 2025 Last updated: January 29, 2026 Support@kavacorellc.com +1-888-808-2683

This page summarizes KavaCore’s standard Data Processing Addendum (“DPA”) for customers. It describes how we process personal information on customer instructions, the security measures we apply, and the operational terms we typically use. For the signed, legally binding DPA, request the current PDF.

Summary only: This page is informational and not legal advice. The signed DPA (and your MSA/SOW) controls if there is any conflict.

1) Roles & relationship

For personal information you provide to KavaCore to deliver services, you are typically the controller (or equivalent), and KavaCore acts as a processor/service provider processing data on your behalf.

2) Scope of processing (plain-language annex)

Nature & purpose

To provide implementation and operational support services you request (for example: website/landing page implementation, tracking setup, business systems automation, documentation, and related professional services).

Data subjects

Your personnel, customers, leads, end-users, or other individuals whose information you lawfully submit or instruct us to process.

Categories of personal information

  • Contact and business identifiers (name, email, phone, company, role) as provided by you or your users
  • Communications & support records (tickets, chat/email threads, implementation notes)
  • Account/technical data (basic operational logs needed to maintain security and reliability)
  • Optional meeting data (for example, call/meeting recordings) only if enabled with appropriate notice/consent

We do not require sensitive categories by default. If sensitive data processing is requested, it must be documented and agreed in writing.

Duration

For the term of your engagement, plus any retention required by law or contract, or as otherwise documented in your agreement.

3) Customer instructions & lawfulness

We process personal information in accordance with your documented instructions (for example: your MSA/SOW, configurations, support tickets, and written directives). You are responsible for ensuring you have a lawful basis to collect and submit personal information and for the accuracy of the information provided.

4) Security measures

  • Encryption in transit; hardened hosting; authentication and access controls (least privilege)
  • Logging and audit trails appropriate to the services provided
  • Backups and continuity practices aligned to the scope of your engagement
  • Confidentiality obligations for personnel and role-based access for customer data
  • Vendor due diligence and risk-based controls for subprocessors

If we publish a Security Overview, it will be available at /legal/security.

5) Subprocessors

We may use vetted subprocessors to deliver specific functions (for example: hosting, email delivery, communications tooling). We impose written obligations on subprocessors to protect personal information and remain responsible for their performance under our contracts.

If we publish a current list, it will be available at /legal/subprocessors. To request notifications of material changes, email Support@kavacorellc.com.

6) Cross-border transfers

Data is primarily processed in the United States and may be processed in other locations depending on the tools and vendors used. Where cross-border safeguards are needed under applicable law, we use contractual protections and assess data flows appropriate to the service.

7) Individual requests (DSAR assistance)

We will reasonably assist you in responding to individuals’ requests (for example: access, correction, deletion, or objection) by providing available tools, information, or supporting documentation as applicable to the services.

8) Security incidents

We will notify you without undue delay after becoming aware of a personal-data breach affecting customer data, and provide information we can reasonably disclose to support your assessment and any required notifications.

9) Return or deletion

Upon termination or at your written request, we will delete or return personal information, unless retention is required by law or permitted for legitimate business records. Backups are retained and rotated on their normal schedule.

10) Audits & information

On reasonable written request, we will make available information necessary to demonstrate compliance and support audits as described in the signed DPA, subject to confidentiality, scope limitations, and scheduling requirements.

Audits are typically limited to documentation review and reasonable verification steps. Intrusive testing on shared infrastructure requires prior written agreement.

11) Government requests

We disclose personal information only when legally required. Where lawful to do so, we will notify you before disclosure and limit the scope to what is required.

12) Order of precedence

If there is a conflict, the signed DPA controls over this summary. Between the DPA and other documents, the order of precedence in your MSA/SOW applies.

13) Contact

For DPA requests or to receive the signed PDF, contact: Support@kavacorellc.com
Phone: +1-888-808-2683

Need a signed copy? Email us and we’ll share the current DPA PDF and e-signature steps. After signature, we will countersign and return a copy for your records.
Scroll to Top