Data Processing Addendum (“DPA”)

Last updated January 28, 2026

This Data Processing Addendum (“DPA”) is part of and governed by the Solve Data Inc. Terms of Service (“Agreement”) and applies when Solve processes personal data on behalf of a Customer.

1. Definitions

a. “Applicable Law” means any privacy or data protection law applicable to the processing of personal data, including GDPR, UK GDPR, and, where applicable, CCPA/CPRA.b. “Controller” means the entity that determines the purposes and means of processing personal data.c. “Processor” means the entity that processes personal data on behalf of the Controller.d. “Personal Data” is any information that identifies or can reasonably be used to identify an individual.e. “Subprocessor” means a third party engaged by Solve to process Personal Data on behalf of Customer.f. “AI Features” means any machine learning or automated inference capabilities offered in the Services.g. “AI Output” means results, content, predictions, or responses generated by AI Features.

2. Roles

Customer is Controller of Personal Data processed through the Services. Solve is Processor with respect to such Personal Data. Solve will process Personal Data only on Customer’s documented instructions, including this DPA and the Agreement.

3. Processing Scope

a. Purpose: Solve will process Personal Data to deliver and support the Services ordered by Customer.b. Duration: Processing continues for the term of the Agreement and any period required for data return/deletion.c. Categories: May include identifiers, contact data, communications content, usage data, and other data Customer submits.d. Nature: Collection, storage, retrieval, transmission, transformation, analysis, and deletion.

4. Customer Instructions

Solve will process Personal Data only:

  • as necessary to provide the Services,
  • per Customer’s documented instructions in the Agreement and this DPA,
  • and as required by law (with notice unless prohibited).

5. Security

Solve will maintain appropriate administrative, physical, and technical measures to protect Personal Data (e.g., encryption in transit/at rest, access controls, monitoring, vulnerability management).

6. Subprocessors

a. Authorization: Customer authorizes Solve to retain Subprocessors.b. List + Notice: Solve will maintain a current list of Subprocessors and provide notice of changes.c. Flow-down: Solve will require Subprocessors to comply with data protection obligations at least as protective as those in this DPA.d. Responsibility: Solve remains responsible for Subprocessor compliance.

7. Data Subject Rights

Solve will assist Customer to the extent reasonably necessary and feasible to respond to valid requests to exercise data subject rights (access, deletion, correction, portability, objection).

8. Breach Notification

Solve will notify Customer without undue delay after becoming aware of a Personal Data breach affecting Customer’s Personal Data and provide reasonably available information for remediation and notification obligations.

9. International Transfers

Where applicable, Solve will implement appropriate safeguards (e.g., SCCs) for transfer of Personal Data outside the EEA/UK.

10. Data Return and Deletion

Upon termination, Solve will delete or return Customer Personal Data per Customer’s request, except for backup copies retained per its business practices and legal requirements.

 

 

A.I.

11. Use of Personal Data in AI Features

Solve will not use Customer Personal Data to train, fine-tune, or improve its general AI models beyond what is strictly necessary to provide the Services or as permitted by explicit written consent from Customer.

12. AI Output and Exposure Controls

a. Segmentation: Solve will take reasonable measures to prevent cross-tenant data leakage in AI processing.b. No unintended exposure: Solve will not configure AI Features to expose Customer Personal Data outside of Customer’s tenant.c. Review: Customer acknowledges that AI Output may be imperfect and should be reviewed before use in high-stakes decisions.

13. Logging and Retention

Solve may collect AI logs (e.g., inputs/outputs, errors) for operational, security, and quality purposes. Logs will be:

  • retained for a defined period,
  • protected appropriately, and
  • not used to train general models without explicit consent.

14. Sensitive Personal Data

Unless expressly agreed, Customer will not submit Sensitive Personal Data. If such data must be processed, the parties will agree additional safeguards (e.g., HIPAA BAA) as applicable.

 

 

15. Liability and Indemnity

Each party’s liability for data protection is governed by the Agreement. Solve’s liability is subject to limitations set forth in the Agreement, except where prohibited by law.

16. Order of Precedence

In case of conflict, this DPA governs over the Agreement for data protection and processing terms.

 

© 2026 Solve Data Inc. All Rights Reserved

Privacy Policy

Data Processing Addendum (“DPA”)

Last updated January 28, 2026

This Data Processing Addendum (“DPA”) is part of and governed by the Solve Data Inc. Terms of Service (“Agreement”) and applies when Solve processes personal data on behalf of a Customer.

1. Definitions

a. “Applicable Law” means any privacy or data protection law applicable to the processing of personal data, including GDPR, UK GDPR, and, where applicable, CCPA/CPRA.b. “Controller” means the entity that determines the purposes and means of processing personal data.c. “Processor” means the entity that processes personal data on behalf of the Controller.d. “Personal Data” is any information that identifies or can reasonably be used to identify an individual.e. “Subprocessor” means a third party engaged by Solve to process Personal Data on behalf of Customer.f. “AI Features” means any machine learning or automated inference capabilities offered in the Services.g. “AI Output” means results, content, predictions, or responses generated by AI Features.

2. Roles

Customer is Controller of Personal Data processed through the Services. Solve is Processor with respect to such Personal Data. Solve will process Personal Data only on Customer’s documented instructions, including this DPA and the Agreement.

3. Processing Scope

a. Purpose: Solve will process Personal Data to deliver and support the Services ordered by Customer.b. Duration: Processing continues for the term of the Agreement and any period required for data return/deletion.c. Categories: May include identifiers, contact data, communications content, usage data, and other data Customer submits.d. Nature: Collection, storage, retrieval, transmission, transformation, analysis, and deletion.

4. Customer Instructions

Solve will process Personal Data only:

  • as necessary to provide the Services,
  • per Customer’s documented instructions in the Agreement and this DPA,
  • and as required by law (with notice unless prohibited).

5. Security

Solve will maintain appropriate administrative, physical, and technical measures to protect Personal Data (e.g., encryption in transit/at rest, access controls, monitoring, vulnerability management).

6. Subprocessors

a. Authorization: Customer authorizes Solve to retain Subprocessors.b. List + Notice: Solve will maintain a current list of Subprocessors and provide notice of changes.c. Flow-down: Solve will require Subprocessors to comply with data protection obligations at least as protective as those in this DPA.d. Responsibility: Solve remains responsible for Subprocessor compliance.

7. Data Subject Rights

Solve will assist Customer to the extent reasonably necessary and feasible to respond to valid requests to exercise data subject rights (access, deletion, correction, portability, objection).

8. Breach Notification

Solve will notify Customer without undue delay after becoming aware of a Personal Data breach affecting Customer’s Personal Data and provide reasonably available information for remediation and notification obligations.

9. International Transfers

Where applicable, Solve will implement appropriate safeguards (e.g., SCCs) for transfer of Personal Data outside the EEA/UK.

10. Data Return and Deletion

Upon termination, Solve will delete or return Customer Personal Data per Customer’s request, except for backup copies retained per its business practices and legal requirements.

 

 

A.I.

11. Use of Personal Data in AI Features

Solve will not use Customer Personal Data to train, fine-tune, or improve its general AI models beyond what is strictly necessary to provide the Services or as permitted by explicit written consent from Customer.

12. AI Output and Exposure Controls

a. Segmentation: Solve will take reasonable measures to prevent cross-tenant data leakage in AI processing.b. No unintended exposure: Solve will not configure AI Features to expose Customer Personal Data outside of Customer’s tenant.c. Review: Customer acknowledges that AI Output may be imperfect and should be reviewed before use in high-stakes decisions.

13. Logging and Retention

Solve may collect AI logs (e.g., inputs/outputs, errors) for operational, security, and quality purposes. Logs will be:

  • retained for a defined period,
  • protected appropriately, and
  • not used to train general models without explicit consent.

14. Sensitive Personal Data

Unless expressly agreed, Customer will not submit Sensitive Personal Data. If such data must be processed, the parties will agree additional safeguards (e.g., HIPAA BAA) as applicable.

 

 

15. Liability and Indemnity

Each party’s liability for data protection is governed by the Agreement. Solve’s liability is subject to limitations set forth in the Agreement, except where prohibited by law.

16. Order of Precedence

In case of conflict, this DPA governs over the Agreement for data protection and processing terms.

 

© 2026 Solve Data Inc. All Rights Reserved

Privacy Policy