Data Processing Addendum

Scope

This Data Processing Addendum (“DPA”) describes how Vesara, Inc. processes customer data when providing the Vesara work environment. It supplements the agreement between Vesara and the customer.

Roles of the parties

The customer is the controller of customer content and determines the purposes and means of processing. Vesara acts as a processor, processing customer content only on documented instructions from the customer.

Details of processing

Subject matter: providing the work environment—reading what the customer says, sends, and signs, carrying multi-step work, and maintaining one traceable Record.

Duration: for the term of the agreement and any period required to return or delete data afterward. Types of data and data subjects are determined by the customer through the content it connects.

Security measures

Vesara maintains technical and organizational measures including encryption in transit and at rest, least-privilege access controls, logging, and auditable, traceable handling of facts and actions. See our Security & trust page for more detail.

Subprocessors

Vesara may engage subprocessors to support the service under written terms no less protective than this DPA. A current list of subprocessors is available on request, and we provide notice of material changes.

Data subject requests

Vesara will assist the customer, taking into account the nature of processing, in responding to data subject requests for access, correction, deletion, or restriction relating to customer content.

International transfers

Where customer content is transferred across borders, Vesara relies on appropriate safeguards, such as standard contractual clauses, as required by applicable law.

Return and deletion

Upon termination, Vesara returns or deletes customer content according to the customer’s instructions and applicable agreements, except where retention is required by law.

Contact

For DPA requests, the current subprocessor list, or related questions, contact privacy@vesara.ai.