Data Processing Addendum (Template)

Version: Draft template — June 25, 2026

This Data Processing Addendum ("DPA") forms part of the agreement between the customer ("Customer") and ServiceVisit Technologies, LLC ("ServiceVisit") for the provision of the ServiceVisit platform (the "Services"), as set out in the Terms of Service or a separate written agreement (the "Agreement"). It governs the processing of personal data that ServiceVisit performs on Customer's behalf. Where this DPA conflicts with the Agreement regarding the processing of personal data, this DPA controls.

Note: This is a template. Final, jurisdiction-specific terms — including any applicable standard contractual clauses, regional addenda, governing law, and liability provisions — are to be completed and reviewed by legal counsel before execution.

1. Definitions

Terms such as "personal data," "processing," "controller," "processor," "data subject," and "supervisory authority" have the meanings given under applicable data-protection law. "Customer Personal Data" means personal data that ServiceVisit processes on behalf of Customer in providing the Services.

2. Roles of the parties

For Customer Personal Data, Customer acts as the controller (or as a processor on behalf of its own customers), and ServiceVisit acts as the processor (or subprocessor) processing such data on Customer's documented instructions. Each party will comply with its obligations under applicable data-protection law.

3. Scope and instructions

ServiceVisit will process Customer Personal Data only:

  1. to provide, maintain, secure, and support the Services in accordance with the Agreement;
  2. as further instructed by Customer in writing, where such instructions are consistent with the Agreement; and
  3. as required by applicable law (in which case ServiceVisit will, where legally permitted, inform Customer of the legal requirement before processing).

The subject matter, duration, nature and purpose of processing, the types of personal data, and the categories of data subjects are described in Annex A.

4. Customer (controller) responsibilities

Customer is responsible for:

  • the accuracy, quality, and legality of Customer Personal Data and the means by which it was obtained;
  • having a valid legal basis and any required notices or consents for the processing;
  • its configuration and use of the Services, including access controls and what data it submits; and
  • responding to data subjects where it acts as controller, with ServiceVisit's assistance as set out below.

5. ServiceVisit (processor) responsibilities

ServiceVisit will:

  • process Customer Personal Data only as described in Section 3;
  • ensure that personnel authorized to process Customer Personal Data are bound by appropriate confidentiality obligations;
  • implement and maintain appropriate technical and organizational security measures (Section 6);
  • engage subprocessors only in accordance with Section 7;
  • assist Customer, taking into account the nature of the processing, with data-subject requests (Section 8), and with security, breach notification, and data-protection impact assessments, as required by applicable law; and
  • at Customer's choice, delete or return Customer Personal Data as described in Section 10.

6. Security

ServiceVisit will maintain technical and organizational measures designed to protect Customer Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access, appropriate to the risk. A high-level description of ServiceVisit's security practices is set out in the Security Overview. ServiceVisit will notify Customer without undue delay after becoming aware of a personal-data breach affecting Customer Personal Data and will provide information reasonably available to it to assist Customer in meeting its obligations.

7. Subprocessors

Customer provides general authorization for ServiceVisit to engage subprocessors to process Customer Personal Data, subject to ServiceVisit:

  • imposing data-protection obligations on each subprocessor that are no less protective than those in this DPA; and
  • remaining responsible for its subprocessors' performance of their obligations.

ServiceVisit will maintain a list of subprocessors and provide a mechanism to notify Customer of intended changes, as described in the Subprocessor Policy, giving Customer the opportunity to object on reasonable data-protection grounds.

8. Data-subject requests

Taking into account the nature of the processing, ServiceVisit will provide reasonable assistance, including through appropriate technical and organizational measures and Service functionality, to enable Customer to respond to requests from data subjects to exercise their rights under applicable law. If ServiceVisit receives such a request directly relating to Customer Personal Data, it will, where legally permitted, direct the data subject to Customer.

9. International transfers

Where the processing of Customer Personal Data involves a cross-border transfer subject to data-protection law, the parties will put in place an appropriate transfer mechanism recognized under applicable law. [Transfer mechanism and any applicable standard contractual clauses or regional addenda to be specified by counsel.]

10. Retention and deletion

ServiceVisit will retain Customer Personal Data for the duration of the Agreement and as needed to provide the Services. Following termination or expiry, and on Customer's request, ServiceVisit will delete or return Customer Personal Data within a commercially reasonable period, except to the extent retention is required by law or for legitimate, limited purposes (such as backups pending routine deletion). Certain records that form part of a property's durable service history may persist as described in the Privacy Policy; the parties will address any such records in the Agreement.

11. Audits

ServiceVisit will make available information reasonably necessary to demonstrate compliance with this DPA and will allow for and contribute to audits, including inspections, conducted by Customer or an auditor mandated by Customer, subject to reasonable confidentiality, scheduling, scope, and frequency limits to be set out in the Agreement.

12. General

This DPA is governed by the law and dispute-resolution terms of the Agreement, except where data-protection law requires otherwise. Liability under this DPA is subject to the limitations set out in the Agreement. [Governing law, liability caps, and order of precedence to be confirmed by counsel.]

Annex A — Details of processing

  • Subject matter: Provision of the ServiceVisit Services to Customer.
  • Duration: The term of the Agreement, plus any period for return or deletion.
  • Nature and purpose: Hosting, processing, and supporting Customer Personal Data to deliver the Services, including property and service records, communications, and related features.
  • Types of personal data: [To be completed — e.g., contact details, account data, property and service information, communications content, usage data.]
  • Categories of data subjects: [To be completed — e.g., Customer's personnel and authorized users, and Customer's own customers (such as homeowners) whose data Customer submits.]

Annex B — Subprocessors

See the Subprocessor Policy for the current categories and list of subprocessors and the change-notification process.

Annex C — Security measures

See the Security Overview for a high-level description of the technical and organizational measures. Detailed measures may be provided to Customer on request, subject to confidentiality.

← Back to Legal Hub

ServiceVisit Sales

Pre-sales questions? Ask away.

Say hello to get started.