Legal
Data Processing Addendum
This DPA forms part of customer agreements and defines roles, responsibilities, and safeguards for processing personal data.
Scope & roles
Kovanent acts as a processor for customer-controlled data and as a controller for limited operational metadata. Customers are controllers of end-user data submitted for verification.
Security measures
- Encryption in transit and at rest
- Access controls with least privilege and MFA
- Audit logging and monitoring of verification events
- Business continuity and disaster recovery plans
Sub-processors
We maintain an updated list of sub-processors and provide notice of material changes. Customers may object where permitted by agreement.
Data subject rights
We support access, correction, deletion, and export requests. Customers must route lawful requests to us for fulfillment.