We are dedicated to safeguarding the privacy of our clients, their associates, customers, employees, and all users of our website, platforms, and services.

  1. Introduction
    At Improzo Inc. (“Improzo”, “Us”, “We”, “Our”, or the “Company”), we value your privacy and the importance of protecting your data.This Data Protection Addendum (“DPA”) describes our current data protection and privacy practices for the activities set out below. It explains how we collect, store, access, transfer, and otherwise process Customer Personal Data on behalf of our customers.This DPA forms part of the agreement between Improzo and the Customer governing access to and use of our products, services, websites, software, analytics platforms, support systems, AI-enabled tools, and related offerings.We take privacy and data security seriously and believe in transparency. We are committed to protecting personal data in accordance with the highest standards of privacy regulations. Accordingly, we follow obligations under applicable laws including:

    • General Data Protection Regulation (GDPR)
    • UK GDPR
    • Swiss Federal Data Protection Act
    • California Consumer Privacy Act (CCPA/CPRA)
    • Other applicable privacy, cybersecurity, and data protection laws

    Last Updated: April 2026

  2. Scope of This DPA
    This DPA applies to all Improzo websites, domains, services, software, products, cloud platforms, support channels, integrations, and business operations where Customer Personal Data is processed.This DPA does not apply to third-party applications, products, or websites that may be linked through our services. Such third parties operate independently and maintain their own privacy practices.
  3. Processing Activities
    This DPA applies when you interact with Improzo by doing any of the following:

    • Using our services as an authorized customer or user
    • Visiting any Improzo website linked to this DPA
    • Receiving communications from us, including email, newsletters, support updates, or calls
    • Submitting data through our platforms or integrations
    • Using AI-enabled or automated service features
  4. Roles and Responsibilities
    For purposes of applicable privacy laws:

    • Customer acts as the Controller / Business
    • Improzo Inc. acts as the Processor / Service Provider

    The Customer determines why and how personal data is collected. Improzo processes data only:

    • Under documented customer instructions
    • To provide contracted services
    • To comply with legal obligations
    • To maintain system security and integrity
    • To improve service functionality
  5. Personal Data We May Process
    Depending on the services used, we may process:
    Basic Identity Data

    • Full name
    • Work email address
    • Username or account ID
    • Contact number

    Customer Submitted Data

    • Postal address
    • Date of birth
    • Employment history
    • HR records
    • Uploaded documents
    • Business operational information

    Technical Data

    • IP address
    • Browser type
    • Device information
    • Login activity
    • Usage logs
    • Security event logs

    Sensitive Data
    Improzo does not intentionally require sensitive or special category personal data unless expressly agreed in writing and legally permitted.

  6. How We Use Personal Data
    We process Customer Personal Data only for legitimate business purposes such as:

    • Delivering contracted services
    • User authentication and Single Sign-On (SSO)
    • Managing customer accounts
    • Technical support
    • Analytics and reporting
    • Security monitoring and fraud prevention
    • Service improvement and debugging
    • AI-enabled features related to service delivery
    • Backup and disaster recovery
    • Compliance with legal or regulatory obligations
  7. Security Measures
    We implement administrative, technical, and physical safeguards designed to protect Customer Personal Data.
    Organizational Controls

    • Security governance and ownership
    • Employee confidentiality commitments
    • Background verification where permitted by law
    • Security awareness training
    • Internal policy reviews
    • Vendor risk management

    Access Controls

    • Least privilege access model
    • Unique user IDs
    • Strong password controls
    • Multi-Factor Authentication (MFA)
    • Periodic access reviews
    • Logged administrative activity

    Infrastructure Security
    Improzo uses secure cloud environments including Amazon Web Services infrastructure with:

    • Multi-zone resiliency
    • Backup restoration testing
    • Disaster recovery planning
    • Vulnerability management
    • Security logging and monitoring
    • Patch management

    Encryption

    • HTTPS / TLS encryption in transit
    • Encryption protections for stored data where applicable
  8. International Data Transfers
    As a global business, personal data may be transferred to jurisdictions outside the customer’s home country.Where required, Improzo uses lawful transfer mechanisms such as:

    • EU Standard Contractual Clauses (SCCs)
    • UK International Data Transfer Addendum
    • Other approved safeguards under applicable laws

    Where necessary, additional supplementary protections may be implemented.

  9. AI & Automated Processing
    Improzo may use AI and machine learning technologies to support contracted services.Where applicable:

    • AI processing is limited to authorized service delivery purposes
    • Processing remains governed by this DPA
    • Privacy and security safeguards continue to apply
    • Certain workloads may operate in Frankfurt, Germany region infrastructure
  10. Data Subject Rights
    Where required by law, Improzo supports Customers in responding to requests involving:

    • Access to personal data
    • Correction of inaccurate information
    • Deletion requests
    • Restriction of processing
    • Data portability
    • Objection requests
    • Privacy complaints
    • Withdrawal of consent where applicable
  11. Security Incidents
    If Improzo becomes aware of a confirmed personal data breach affecting Customer Personal Data, we will notify the Customer without undue delay and provide available information reasonably required to support legal and regulatory obligations.
  12. Retention & Deletion
    We retain Customer Personal Data only for as long as necessary to:

    • Deliver services
    • Meet contractual obligations
    • Resolve disputes
    • Meet legal requirements
    • Enforce agreements

    Upon termination of services, data will be returned or securely deleted where contractually or legally required.

  13. External Links
    Our websites or services may contain links to third-party websites. We are not responsible for the privacy practices, content, or security controls of external sites.We encourage users to review third-party privacy notices before sharing personal data.
  14. Updates to This DPA
    We reserve the right to update this DPA from time to time to reflect operational, legal, or regulatory changes.The latest version will always be available on our official website. Continued use of our services after updates constitutes acceptance of the revised version.
  15. Contact Our Data Protection Officer
    If you have any questions, privacy concerns, complaints, or requests regarding this DPA or your personal data, please contact us:Email: dpo@improzo.com
    Address: 1 Broadway | Cambridge, MA 02142 | USA