Swvle Data Processing Addendum (DPA)
Last Updated: July 1, 2026
1. Introduction
This Data Processing Addendum ("DPA") forms part of the agreement between Swvle and an Organization Customer using the Swvle platform.
It applies whenever Swvle processes Personal Data on behalf of an Organization Customer in connection with the Services.
If there is a conflict between this DPA and the Terms of Service regarding the processing of Personal Data, this DPA will control.
2. Purpose
Organizations use Swvle to create AI-powered conversational experiences for their customers, fans, employees, visitors, members, and communities.
To provide those Services, Swvle processes certain Personal Data on behalf of the Organization.
This DPA explains those responsibilities.
3. Definitions
For purposes of this DPA:
Personal Data means information relating to an identified or identifiable individual as defined by applicable privacy laws.
Processing means any operation performed on Personal Data, including collection, storage, retrieval, use, disclosure, deletion, or destruction.
Controller means the organization that determines the purposes and means of processing Personal Data.
Processor means the entity processing Personal Data on behalf of the Controller.
Customer means the Organization using the Swvle Services.
Services means the Swvle platform and related products.
4. Roles and Responsibilities
For Personal Data processed through the Services:
- The Organization Customer acts as the Controller.
- Swvle acts as the Processor.
The Organization determines:
- what information is collected
- how Swvle is configured
- which users have access
- what knowledge is uploaded
- how the Services are used
Swvle processes Personal Data only to provide the Services described in the Terms of Service.
5. Scope of Processing
Swvle may process Personal Data including:
- Account information
- Conversation content
- Uploaded files
- Organization content
- User preferences
- Technical information
- Usage information
- Analytics necessary to provide the Services
The categories of Personal Data processed depend upon how the Organization configures and uses Swvle.
6. Processing Instructions
Swvle processes Personal Data only:
- To provide the Services.
- To maintain and secure the platform.
- To provide customer support.
- To comply with applicable law.
- As otherwise instructed by the Organization through its use of the Services.
Swvle does not process Customer Personal Data for unrelated commercial purposes.
7. Confidentiality
Swvle requires employees and authorized contractors who may access Personal Data to be subject to appropriate confidentiality obligations.
Access to Personal Data is limited to individuals who require access to perform their responsibilities.
8. Security
Swvle maintains administrative, technical, and organizational safeguards designed to protect Personal Data against unauthorized access, disclosure, alteration, or destruction.
Security measures include, where appropriate:
- Access controls
- Authentication
- Encryption in transit
- Encryption at rest where appropriate
- System monitoring
- Logging
- Backup procedures
- Incident response procedures
Swvle continually reviews and improves its security practices.
9. Subprocessors
Swvle may engage trusted third-party service providers to assist in delivering the Services.
Swvle remains responsible for ensuring subprocessors are subject to appropriate contractual obligations regarding Personal Data.
A current list of subprocessors is maintained separately in the Swvle Subprocessor List.
10. International Data Transfers
Personal Data may be processed in countries where Swvle or its subprocessors operate.
Where required by applicable law, Swvle will implement appropriate safeguards for international data transfers.
11. Assistance to Customers
Where reasonably requested, Swvle will assist Organization Customers in responding to requests involving:
- Access
- Correction
- Deletion
- Restriction
- Portability
- Objections to processing
to the extent required by applicable privacy laws and the Services.
12. Security Incidents
If Swvle becomes aware of a confirmed Security Incident affecting Customer Personal Data, Swvle will notify the Organization without undue delay after becoming aware of the incident.
The notification will include available information reasonably necessary for the Organization to meet applicable legal obligations.
13. Audits and Information Requests
Upon reasonable written request, Swvle will provide information reasonably necessary to demonstrate compliance with this DPA.
Swvle may satisfy audit requests through:
- Security documentation
- Compliance reports
- Independent certifications
- Written responses
to the extent appropriate for the Services.
14. Data Retention and Deletion
During the term of the Services, Swvle retains Customer Personal Data only as necessary to provide the Services and comply with applicable legal obligations.
Upon termination of the Services, Customer Personal Data will be deleted or returned in accordance with the Terms of Service, applicable law, and Swvle's retention practices.
15. AI Processing
Swvle uses artificial intelligence and retrieval technologies to provide conversational experiences.
When AI services process Customer Personal Data, they do so solely for the purpose of providing the Services requested by the Organization.
Customer Personal Data is not used by Swvle to train general-purpose AI models unless explicitly disclosed and authorized.
16. Data Subject Requests
If Swvle receives a request directly from an individual regarding Personal Data processed on behalf of an Organization Customer, Swvle will, where appropriate:
- Notify the Organization.
- Cooperate with the Organization.
- Respond only where legally required or authorized.
17. Changes to this DPA
Swvle may update this DPA from time to time to reflect changes in law, regulations, or the Services.
Material changes will be communicated as required by applicable law or contract.
18. Governing Law
This DPA is governed by the same governing law specified in the applicable Terms of Service or other written agreement between Swvle and the Organization Customer.
Contact
Questions regarding this DPA may be directed to:
Swvle, Inc.
Privacy Team