Data Processing Addendum
Data Processing Addendum
Kovira's Data Processing Addendum (DPA) sets out the controller-to-processor terms that apply when Kovira processes personal data on a customer's behalf. It supplements the Terms of Service and is incorporated by reference for any customer that requires it.
What the DPA covers
- Roles of the parties (customer as controller, Kovira as processor) and the subject matter, duration, nature, and purpose of processing.
- Categories of personal data processed and categories of data subjects.
- Confidentiality, security measures, and personnel obligations.
- Sub-processor engagement, the current sub-processor list, and the change-notice mechanism.
- International data transfer safeguards (Standard Contractual Clauses where applicable).
- Assistance with data subject requests (access, rectification, erasure, portability, restriction, objection).
- Personal data breach notification timelines and content.
- Audit rights and how the customer can exercise them.
- Return or deletion of personal data on termination.
How to get a copy
A current PDF of the Kovira DPA is available on request. We intend to publish the standard form at the link below; until then, request a copy by email and we will respond within two business days.
Download the standard DPA (PDF)Available on request while the published form is finalised.
privacy@kovira.appInclude your workspace name and the legal entity that will sign.
Schedule
Current sub-processors
The DPA references a sub-processor schedule. The current list, with purpose, data categories, region, and transfer mechanism, is published on the sub-processors page.
View sub-processor list