Effective Date: 3/12/2026
This Data Processing Addendum ("DPA") forms part of the Terms of Service / Subscription Agreement between Customer and Univrs when Univrs processes Personal Data on behalf of Customer.
Personal Data means personal information, personal data, or similar terms as defined under applicable privacy law, to the extent included in Customer Data.
Applicable Data Protection Law means privacy and data protection laws applicable to Univrs's processing of Personal Data under the Agreement.
Customer is the controller or business, and Univrs is the processor or service provider, with respect to Personal Data that Univrs processes on Customer's behalf under the Agreement.
Univrs will process Personal Data only:
Nature of processing: collection, storage, organization, structuring, retrieval, analysis, transmission, and deletion of Personal Data as necessary to provide AI analytics, dashboards, data ingestion, support, security monitoring, and related service operations.
Purpose of processing: to provide the Services to Customer.
Categories of Personal Data may include contact details, account information, business communications, usage data, support ticket content, call transcript content, survey response content, and other categories Customer chooses to submit.
Data subjects may include Customer personnel, Customer end users, prospects, customers, vendors, or other individuals whose data Customer submits.
Univrs will ensure that personnel authorized to process Personal Data are subject to appropriate confidentiality obligations.
Univrs will maintain reasonable administrative, technical, and organizational measures designed to protect Personal Data, taking into account the nature of the processing and the risk involved.
Customer authorizes Univrs to use subprocessors to assist in providing the Services. Univrs will impose data protection obligations on subprocessors that are materially consistent with this DPA. A current subprocessor list will be made available at [URL].
Univrs will notify Customer without undue delay after confirming a Security Incident affecting Personal Data processed under this DPA. Univrs will provide reasonably available information about the nature of the incident, affected data, likely consequences, and measures taken or proposed.
Taking into account the nature of processing, Univrs will provide reasonable assistance to Customer in responding to data subject requests and complying with applicable privacy law obligations, to the extent Customer cannot reasonably fulfill them through the Services.
Upon termination of the Agreement and Customer's written request, Univrs will delete or return Personal Data, subject to legal retention requirements and reasonable backup/archival limitations.
Upon reasonable written request, Univrs will provide information reasonably necessary to demonstrate compliance with this DPA, which may include summaries of security controls, questionnaires, or independent reports where available. On-site audits will occur only if required by law and subject to confidentiality, security, and scheduling restrictions.
If cross-border transfer mechanisms are required by applicable law, the parties will cooperate in good faith to implement them.
To the extent applicable, Univrs will not sell or share Personal Data processed under this DPA, will not retain, use, or disclose such Personal Data outside the direct business relationship except as permitted by applicable law, and will not combine such Personal Data with personal information from other sources except as permitted by law.
If there is a conflict between this DPA and the Agreement regarding Personal Data processing, this DPA controls.