This Data Processing Addendum ("DPA") forms part of the agreement between Revalytics Corporation, doing business as Revalytics.AI ("Revalytics," "Processor," "we," "us," or "our") and the applicable customer entity ("Customer" or "Controller") governing access to and use of the Revalytics.AI Services.
This DPA applies where Revalytics processes Personal Data on behalf of Customer in connection with the Services.
1. DEFINITIONS
For purposes of this DPA:
- "Applicable Data Protection Laws" means applicable privacy, security, artificial intelligence, and data protection laws, including where applicable: the California Consumer Privacy Act ("CCPA"); the California Privacy Rights Act ("CPRA"); applicable U.S. state privacy laws; and other applicable privacy or data protection laws.
- "Controller" means the entity determining the purposes and means of processing Personal Data.
- "Processor" means the entity processing Personal Data on behalf of the Controller.
- "Customer Data" has the meaning given in the Revalytics.AI Terms of Service and includes: recordings; communications; transcripts; operational data; marketing data; revenue data; workforce-related data; analytics inputs; and other information submitted to or processed through the Services.
- "Personal Data" means information relating to an identified or identifiable individual processed through the Services.
- "Processing" means any operation performed on Personal Data, including: collection; storage; analysis; use; disclosure; deletion; transmission; or automated processing.
- "Subprocessor" means a third party engaged by Revalytics to process Personal Data on behalf of Customer.
- "Security Incident" means unauthorized access to, acquisition of, disclosure of, loss of, destruction of, or alteration of Personal Data processed by Revalytics on behalf of Customer.
2. ROLES OF THE PARTIES
To the extent Applicable Data Protection Laws apply: Customer acts as the Controller, Business, or equivalent regulated entity; and Revalytics acts as the Processor, Service Provider, or equivalent regulated entity.
Customer determines: the categories of Personal Data processed; the purposes of processing; and Customer's use of the Services.
3. CUSTOMER INSTRUCTIONS
Revalytics will process Personal Data: solely to provide, operate, secure, support, and improve the Services; in accordance with Customer instructions; as described in applicable agreements; and as required by applicable law.
Customer acknowledges and instructs Revalytics to process Personal Data for: analytics; reporting; forecasting; operational intelligence; platform improvement; artificial intelligence and machine learning operations; fraud prevention; troubleshooting; security; and related Services functionality.
If Revalytics is legally required to process Personal Data outside Customer instructions, Revalytics will notify Customer unless prohibited by law.
4. CUSTOMER OBLIGATIONS
Customer represents and warrants that: it has all necessary rights and lawful authority to provide Personal Data to Revalytics; it has provided legally required notices; it has obtained legally required consents; and its use of the Services complies with Applicable Data Protection Laws.
Customer is solely responsible for: the legality of Customer Data; recording and monitoring compliance; workforce and employment-related compliance; and the accuracy, quality, and legality of submitted Personal Data.
5. TYPES OF PERSONAL DATA
Depending on Customer's use of the Services, Revalytics may process:
- identifiers;
- contact information;
- communications;
- call recordings;
- transcripts;
- marketing and advertising analytics;
- revenue and sales analytics;
- workforce-related operational data;
- operational metrics;
- device and usage information;
- AI-generated analytics and insights;
- and other Customer-provided business information.
Categories of Data Subjects may include: employees; contractors; customers; leads; vendors; website visitors; support contacts; and other individuals whose information is submitted to the Services.
6. AI MODEL TRAINING & MARION ARCHITECTURE
Customer acknowledges and agrees that Revalytics may process Personal Data and Customer Data to: develop; improve; train; maintain; support; and enhance its internally developed artificial intelligence, analytics, machine learning, forecasting, operational intelligence, and platform systems.
Revalytics applies administrative, technical, and organizational measures designed to reduce unnecessary exposure of Personal Data during model development and platform improvement activities, including: aggregation; de-identification; anonymization; minimization; and related privacy or security safeguards.
MARION, the AI engine at the core of Revalytics.AI, is built using Meta's Llama foundation model fine-tuned by Revalytics.AI using proprietary training data and hosted within Revalytics.AI's controlled cloud infrastructure. Customer data is not transmitted to Meta or unrelated third-party commercial AI providers in the course of normal Service operations for independent model training purposes.
Additional information regarding MARION is available in Revalytics.AI's Responsible AI & Acceptable Use Policy.
7. SECURITY MEASURES
Revalytics implements commercially reasonable administrative, technical, organizational, and physical safeguards designed to protect Personal Data against unauthorized access, loss, misuse, disclosure, alteration, or destruction. Security measures may include:
- access controls;
- authentication measures;
- encryption technologies;
- logging and monitoring;
- infrastructure segmentation;
- vulnerability management;
- backup systems;
- and internal security procedures.
Customer acknowledges that: no method of transmission or storage is completely secure; and no security safeguard can guarantee absolute security. Additional information regarding security practices may be available through Revalytics.AI's Security & Trust Center.
8. CONFIDENTIALITY
Revalytics personnel authorized to process Personal Data are subject to appropriate confidentiality obligations. Revalytics seeks to ensure personnel access Personal Data only where necessary to perform authorized operational functions.
9. SUBPROCESSORS
Customer authorizes Revalytics to engage Subprocessors in connection with providing the Services. Revalytics seeks to: maintain commercially reasonable contractual protections with Subprocessors where appropriate; require Subprocessors to implement reasonable security and confidentiality protections; and remain responsible for Subprocessor performance to the extent required by applicable law.
A current list of Subprocessors is available through Revalytics.AI's published Subprocessor List. Revalytics will provide Customer with at least thirty (30) days' advance notice of any new Subprocessor before that Subprocessor begins processing Personal Data on behalf of Customer. Customer may object to the engagement of a new Subprocessor by providing written notice within fifteen (15) days, in which case the parties will work in good faith to address the objection.
If the parties cannot resolve the objection, Customer may terminate the affected Services and receive a pro-rated refund of any prepaid fees.
10. DATA PROCESSING LOCATION
Personal Data is primarily processed within the United States. Customer acknowledges that certain infrastructure providers, subprocessors, support providers, or technical systems may involve limited processing, access, routing, storage, or support activities outside the United States depending on operational requirements and infrastructure architecture.
Where required by applicable law, Revalytics seeks to implement commercially reasonable safeguards relating to cross-border processing activities.
11. DATA SUBJECT REQUESTS
Taking into account the nature of the processing and the information available to Revalytics, Revalytics will provide reasonable assistance to Customer in responding to verified data subject requests relating to: access; deletion; correction; portability; restriction; objection; or similar privacy rights requests, where such assistance is necessary for Customer to fulfill its obligations under Applicable Data Protection Laws.
Revalytics may charge Customer a reasonable fee for assistance that exceeds standard support. Customer remains responsible for responding to data subject requests unless otherwise required by law.
12. SECURITY INCIDENTS
Revalytics will notify Customer without undue delay and, where reasonably feasible, within seventy-two (72) hours after becoming aware of a confirmed Security Incident involving unauthorized access to Personal Data processed on behalf of Customer where notification is required by law or this DPA. Notification may include:
- available details regarding the incident;
- affected systems or data categories;
- remediation measures;
- mitigation steps;
- and reasonable cooperation information.
Notification of a Security Incident is not an admission of fault or liability.
13. RETENTION & DELETION
Revalytics may retain Personal Data: as necessary to provide the Services; support platform operations; improve systems; support artificial intelligence development; comply with legal obligations; resolve disputes; enforce agreements; maintain security; and support legitimate operational and business purposes.
Retention determinations may consider: operational requirements; customer instructions; legal obligations; security considerations; backup and archival requirements; dispute resolution requirements; and the nature and sensitivity of the information.
Upon termination of Services and written request by Customer, Revalytics will take commercially reasonable steps to delete or return Personal Data unless retention is required for: legal obligations; backup systems; dispute resolution; security requirements; fraud prevention; or legitimate operational purposes. Certain information may remain in backups, archives, logs, or security systems for limited periods consistent with operational, legal, and security requirements.
14. AUDITS & INFORMATION REQUESTS
Revalytics will, upon Customer's reasonable written request and subject to confidentiality protections, provide information reasonably necessary to demonstrate compliance with this DPA, including: responses to security questionnaires; copies of any third-party audit reports (such as SOC 2 reports) that Revalytics maintains; and other commercially reasonable compliance materials.
Where Customer requires an audit beyond the materials Revalytics provides, the parties will work in good faith to agree on the scope, timing, and cost of such audit. Any audit must: be reasonable in scope; avoid disruption to operations; protect confidential information; and comply with Revalytics's security procedures. Customer is responsible for the costs of any audit conducted by Customer or a third party retained by Customer.
15. LIMITATION OF LIABILITY
To the maximum extent permitted by law, liability arising under this DPA will be subject to the limitations and exclusions of liability contained in the applicable agreement between the parties.
16. GOVERNING LAW
This DPA will be governed by the governing law provisions contained in the applicable agreement between the parties unless otherwise required by applicable law.
17. CHANGES TO THIS DPA
Revalytics may update this DPA periodically to reflect changes in: legal requirements; technology; operational practices; platform functionality; security practices; regulatory guidance; or business activities. Updated versions will be posted with a revised effective date.
18. CONTACT INFORMATION
Questions regarding this DPA or data processing practices may be directed to: privacy@revalytics.ai
For legal notices or contract-related communications, contact: legal@revalytics.ai
Revalytics Corporation
500 W 2nd St Suite 1900
Austin, TX 78701