Data Processing Addendum
Last updated: April 2026
The Kurvant Data Processing Addendum (DPA) supplements our agreements with customers and describes our roles and responsibilities under GDPR, UK GDPR, and equivalent regimes.
Roles of the parties
When Kurvant processes personal data on behalf of a customer in the course of providing a product, Kurvant acts as a Processor and the customer as the Controller.
Sub-processors
We use a small number of vetted sub-processors to operate our products. We will provide details of those sub-processors on request.
Security measures
Kurvant maintains technical and organizational measures consistent with our Trust & Security page, including encryption, access control, and routine review.
International transfers
Where applicable, we use Standard Contractual Clauses and additional safeguards.
Sign the DPA
Customers can request a counter-signed DPA from legal@kurvant.com.
Questions about this document? Email legal@kurvant.com.