Data Processing Agreement (DPA)

1. Roles and Scope

For customer-provided data, customer acts as controller and Zynovexa acts as processor, limited to documented instructions.

2. Processing Purposes

Processing is limited to service delivery, support, security, monitoring, and lawful operational activities required to provide contracted functionality.

3. Security Measures

• Technical safeguards for confidentiality, integrity, and availability.
• Access control and least-privilege operational principles.
• Incident response workflow with customer notification where required.

4. Subprocessors

Zynovexa may use vetted subprocessors for infrastructure, communications, AI inference, and payment operations under contractual controls.

5. International Transfers

Cross-border data transfers are protected using appropriate contractual and technical safeguards where required by law.

6. Deletion and Return

Upon termination, customer data is deleted or returned according to contractual terms, subject to legal retention requirements.

7. Request Signed DPA

Email legal@zynovexa.com with your account domain, legal entity name, and primary compliance contact.