Privora
Beta

Legal

Data Processing Addendum

Last updated: June 10, 2026. This is a customer-facing DPA outline and should be reviewed against final commercial agreements.

1. Purpose

This Data Processing Addendum describes how Privora processes customer-controlled personal data when providing the service. It is intended to supplement an order form, master services agreement, or terms accepted by a customer.

2. Roles

For customer workspace content, the customer is generally the data controller or processor acting for its own clients, and Privora acts as a processor or subprocessor according to the customer instructions and applicable agreement.

3. Processing instructions

Privora will process customer personal data to provide, secure, support, maintain, improve, and troubleshoot the service; comply with documented customer instructions; and meet legal obligations.

4. Categories of data

Customer data may include user identity data, client records, organization records, evidence metadata, uploaded documents, comments, tasks, approvals, assessment records, reports, audit logs, and support communications.

5. Confidentiality and access

Privora will restrict access to personnel and service providers who need access for authorized purposes and are bound by confidentiality obligations.

6. Security measures

Privora will maintain reasonable technical and organizational measures including access controls, logging, backups, monitoring, secure configuration, vulnerability management, and incident response practices appropriate to the service.

7. Subprocessors

Privora may use subprocessors for hosting, storage, authentication, email, analytics, support, payment, AI, monitoring, and infrastructure operations. Privora remains responsible for subprocessors as required by the customer agreement.

8. Assistance

Taking into account the nature of processing, Privora will provide reasonable assistance for data subject requests, security questions, audits, DPIAs, and compliance evidence where required and commercially reasonable.

9. Incidents

Privora will notify affected customers without undue delay after becoming aware of a confirmed personal data breach affecting customer data, subject to investigation, legal restrictions, and available information.

10. Return and deletion

Upon termination or written request, Privora will return, export, delete, or de-identify customer data according to the agreement, product capability, backup retention, and legal requirements.

11. Audit

Privora may provide security documentation, compliance summaries, or reasonable audit assistance. On-site audits require prior written agreement and may be subject to confidentiality, scope, timing, and cost controls.

12. Conflicts

If this page conflicts with a signed agreement or order form, the signed agreement or order form controls for that customer.

Questions about data processing terms should be sent to legal@privora.ng or privacy@privora.ng.

Policy brief

Data processing addendum summary

The Privora data processing addendum outline describes how customer-controlled personal data may be processed when Privora provides the service.

For customer workspace content, the customer is generally the controller or processor acting for its own clients.

Privora processes customer personal data to provide, secure, support, maintain, improve, and troubleshoot the service under documented instructions.

The outline addresses processing roles, instructions, categories of data, confidentiality, security measures, subprocessors, incidents, return, deletion, and audit support.

Frequently asked questions

What does the Privora DPA cover?
It outlines how Privora processes customer-controlled personal data when providing the service and is intended to supplement customer agreements.
What customer data may Privora process?
Customer data may include users, client records, organization records, evidence metadata, uploaded documents, comments, tasks, approvals, assessments, reports, audit logs, and support communications.
How does Privora handle subprocessors?
Privora may use subprocessors for hosting, storage, authentication, email, analytics, support, payment, AI, monitoring, and infrastructure operations, while remaining responsible as required by the customer agreement.