Data Processing Addendum (Summary)

1) Roles & Relationship

For personal information you provide to KavaCore to deliver services, you are the data controller (or equivalent) and KavaCore is your data processor/service provider handling data on your behalf.

2) Scope of Processing

Nature & purpose: to provide websites, custom software, AI integrations, BPO/support, training, and related professional services you request.

Data subjects: your personnel, customers, leads, end-users, or other individuals whose data you lawfully submit.

Categories: contact data; communications and support records; minimal operational logs; optional call/voice recordings if you enable them. We do not require sensitive categories by default.

Duration: during your subscription/engagement and any retention required by law or contract.

3) Customer Instructions & Lawfulness

We process personal information strictly per your documented instructions (the MSA/SOW, this DPA, and your configurations). You are responsible for providing a lawful basis and for the accuracy of personal information you submit.

4) Security Measures

• Encryption in transit; hardened hosting; least-privilege access; authentication and audit trails.
• Backups and continuity appropriate to the services provided.
• Personnel confidentiality commitments and security training.
• Vendor due diligence proportional to risk.

See also our Security Overview.

5) Subprocessors

We may use vetted subprocessors to deliver specific functions (e.g., hosting, email delivery, call handling). We impose written obligations on subprocessors to protect personal information and we remain responsible for their performance. We publish and update our list at /legal/subprocessors. You may subscribe to change notifications by emailing Support@kavacorellc.com.

6) Cross-Border Transfers

Data is primarily processed in the United States and may be processed in Canada depending on vendor/location you select. If cross-border safeguards are needed under your laws, we will implement appropriate contractual protections with our subprocessors.

7) Individual Requests

We will reasonably assist you in responding to individuals’ requests (access, correction, deletion, objection) by providing tools or supporting documentation where applicable.

8) Security Incidents

We notify you without undue delay after becoming aware of a personal-data breach affecting your data and provide information we can reasonably disclose to support your assessment and notifications.

9) Return or Deletion

Upon termination or at your written request, we will delete or return personal information, unless retention is required by law or permitted for legitimate business records. Backups roll off on their normal schedule.

10) Audits & Information

On reasonable written request, we will make available information necessary to demonstrate compliance and will support audits as set out in the signed DPA, subject to confidentiality and scheduling requirements.

11) Government & Law-Enforcement Requests

We will only disclose personal information if legally required. Where lawful to do so, we will notify you before disclosure and limit the scope to what is legally required.

12) Order of Precedence

If there is a conflict, the signed DPA controls over this summary. Between the DPA and other documents, the order of precedence in your MSA/SOW applies.

13) Contact

For DPA requests or a signed copy, contact: Support@kavacorellc.com
Mailing address: KavaCore LLC, Grover Street, Joliet, IL 60433 (USA)

Need the signed PDF? Email us for the current version and e-signature process. We’ll countersign and return a copy for your records.