Swvle Data Processing Addendum (DPA)

Last Updated: July 1, 2026


1. Introduction

This Data Processing Addendum ("DPA") forms part of the agreement between Swvle and an Organization Customer using the Swvle platform.

It applies whenever Swvle processes Personal Data on behalf of an Organization Customer in connection with the Services.

If there is a conflict between this DPA and the Terms of Service regarding the processing of Personal Data, this DPA will control.


2. Purpose

Organizations use Swvle to create AI-powered conversational experiences for their customers, fans, employees, visitors, members, and communities.

To provide those Services, Swvle processes certain Personal Data on behalf of the Organization.

This DPA explains those responsibilities.


3. Definitions

For purposes of this DPA:

Personal Data means information relating to an identified or identifiable individual as defined by applicable privacy laws.

Processing means any operation performed on Personal Data, including collection, storage, retrieval, use, disclosure, deletion, or destruction.

Controller means the organization that determines the purposes and means of processing Personal Data.

Processor means the entity processing Personal Data on behalf of the Controller.

Customer means the Organization using the Swvle Services.

Services means the Swvle platform and related products.


4. Roles and Responsibilities

For Personal Data processed through the Services:

  • The Organization Customer acts as the Controller.
  • Swvle acts as the Processor.

The Organization determines:

  • what information is collected
  • how Swvle is configured
  • which users have access
  • what knowledge is uploaded
  • how the Services are used

Swvle processes Personal Data only to provide the Services described in the Terms of Service.


5. Scope of Processing

Swvle may process Personal Data including:

  • Account information
  • Conversation content
  • Uploaded files
  • Organization content
  • User preferences
  • Technical information
  • Usage information
  • Analytics necessary to provide the Services

The categories of Personal Data processed depend upon how the Organization configures and uses Swvle.


6. Processing Instructions

Swvle processes Personal Data only:

  • To provide the Services.
  • To maintain and secure the platform.
  • To provide customer support.
  • To comply with applicable law.
  • As otherwise instructed by the Organization through its use of the Services.

Swvle does not process Customer Personal Data for unrelated commercial purposes.


7. Confidentiality

Swvle requires employees and authorized contractors who may access Personal Data to be subject to appropriate confidentiality obligations.

Access to Personal Data is limited to individuals who require access to perform their responsibilities.


8. Security

Swvle maintains administrative, technical, and organizational safeguards designed to protect Personal Data against unauthorized access, disclosure, alteration, or destruction.

Security measures include, where appropriate:

  • Access controls
  • Authentication
  • Encryption in transit
  • Encryption at rest where appropriate
  • System monitoring
  • Logging
  • Backup procedures
  • Incident response procedures

Swvle continually reviews and improves its security practices.


9. Subprocessors

Swvle may engage trusted third-party service providers to assist in delivering the Services.

Swvle remains responsible for ensuring subprocessors are subject to appropriate contractual obligations regarding Personal Data.

A current list of subprocessors is maintained separately in the Swvle Subprocessor List.


10. International Data Transfers

Personal Data may be processed in countries where Swvle or its subprocessors operate.

Where required by applicable law, Swvle will implement appropriate safeguards for international data transfers.


11. Assistance to Customers

Where reasonably requested, Swvle will assist Organization Customers in responding to requests involving:

  • Access
  • Correction
  • Deletion
  • Restriction
  • Portability
  • Objections to processing

to the extent required by applicable privacy laws and the Services.


12. Security Incidents

If Swvle becomes aware of a confirmed Security Incident affecting Customer Personal Data, Swvle will notify the Organization without undue delay after becoming aware of the incident.

The notification will include available information reasonably necessary for the Organization to meet applicable legal obligations.


13. Audits and Information Requests

Upon reasonable written request, Swvle will provide information reasonably necessary to demonstrate compliance with this DPA.

Swvle may satisfy audit requests through:

  • Security documentation
  • Compliance reports
  • Independent certifications
  • Written responses

to the extent appropriate for the Services.


14. Data Retention and Deletion

During the term of the Services, Swvle retains Customer Personal Data only as necessary to provide the Services and comply with applicable legal obligations.

Upon termination of the Services, Customer Personal Data will be deleted or returned in accordance with the Terms of Service, applicable law, and Swvle's retention practices.


15. AI Processing

Swvle uses artificial intelligence and retrieval technologies to provide conversational experiences.

When AI services process Customer Personal Data, they do so solely for the purpose of providing the Services requested by the Organization.

Customer Personal Data is not used by Swvle to train general-purpose AI models unless explicitly disclosed and authorized.


16. Data Subject Requests

If Swvle receives a request directly from an individual regarding Personal Data processed on behalf of an Organization Customer, Swvle will, where appropriate:

  • Notify the Organization.
  • Cooperate with the Organization.
  • Respond only where legally required or authorized.

17. Changes to this DPA

Swvle may update this DPA from time to time to reflect changes in law, regulations, or the Services.

Material changes will be communicated as required by applicable law or contract.


18. Governing Law

This DPA is governed by the same governing law specified in the applicable Terms of Service or other written agreement between Swvle and the Organization Customer.


Contact

Questions regarding this DPA may be directed to:

Swvle, Inc.

Privacy Team

privacy@swvle.com

https://www.swvle.com


Related Documents