Data Processing Addendum
Effective: May 21, 2026
This Data Processing Addendum (“DPA”) forms part of, and is incorporated by reference into, the EULA between you (“Customer”) and Technovault Inc. It governs Technovault’s processing of Customer Data and applies to the extent applicable privacy laws require it (including PIPEDA/BC PIPA, UK/EU GDPR, CCPA/CPRA, and the Australian Privacy Act).
1. Scope and roles
For Customer Data obtained from a QBO company, Customer is the controller / business and Technovault is a processor / service provider, except where Technovault processes limited information for its own account administration, billing, security, fraud prevention, support, legal compliance, and business operations, for which Technovault is an independent controller.
2. Processing instructions
Technovault processes Customer Data only on Customer’s documented instructions — including backup, restore, change-audit, deletion, support, security, and customer-requested CFO analysis — and as otherwise required by law. The EULA, this DPA, and use of the Service constitute Customer’s documented instructions.
3. Confidentiality
Personnel and contractors with access to Customer Data are bound by confidentiality obligations.
4. Security
Technovault maintains appropriate technical and organizational measures, including encryption in transit and at rest, access controls and least privilege, per-company data isolation, logging and monitoring, vulnerability management, incident response, and protection of stored snapshots.
5. Sub-processors
Customer authorizes Technovault to use sub-processors to provide the Service. Technovault maintains a current list on its Sub-processors page, provides notice of material changes, and imposes data-protection obligations on sub-processors that are materially consistent with this DPA.
6. Data-subject requests
Taking into account the nature of the processing, Technovault assists Customer with requests from individuals to access, correct, delete, port, or object to processing of their personal information, to the extent applicable and technically feasible.
7. Breach assistance
Technovault notifies Customer without undue delay after confirming or reasonably suspecting a breach involving Customer Data, and provides the information reasonably available to assist Customer with investigation, mitigation, and any legally required notifications.
8. International transfers
Customer Data may be processed in Canada, the United States, and other locations where Technovault or its sub-processors operate. Where required for UK/EU personal data, transfers rely on Standard Contractual Clauses or an equivalent mechanism, incorporated by reference or through the relevant sub-processor’s terms.
9. Return and deletion
Before deletion, Customer is responsible for exporting any Customer Data it wishes to retain. On termination or a verified deletion request, Technovault deletes the Customer Data it holds. Deletion is immediate and complete — the data is removed as part of the request, not queued for later, and Technovault keeps no residual copies; after deletion, backups cannot be recovered. Technovault’s infrastructure provider may briefly retain deleted data within its own storage replication and durability systems, outside Technovault’s control; Technovault does not access or restore from it. Technovault does not delete its own billing, payment, and tax records where a financial transaction has occurred; these are retained as a controller for the period required by law and are not part of the Customer Data deleted under this clause.
10. Audit and compliance
Technovault provides reasonable documentation, security summaries, and responses to Customer’s reasonable diligence requests to demonstrate compliance with this DPA.
11. CCPA / CPRA service-provider terms
Technovault is a service provider / contractor and will not sell or share Customer Data, use it for cross-context behavioural advertising, retain, use, or disclose it for any purpose other than the business purpose of providing the Service, or combine it with data from other sources except as permitted by law. Technovault provides the same level of privacy protection required of service providers / contractors.
12. Contact
Questions about this DPA: contact us, or write to Technovault Inc., 329 Howe Street #2239, Vancouver, BC V6C 3N2, Canada.