Last Updated: January 02, 2026
This Data Processing Agreement ("DPA") forms part of the Terms of Service between Neurova ("Provider", "Processor") and the mental health professional or organization ("Customer", "Controller"). This DPA reflects the parties' agreement with respect to the processing of personal data.
3.1 Roles of the Parties. The parties acknowledge and agree that with regard to the Processing of Personal Data, Customer is the Controller and Neurova is the Processor.
3.2 Customer's Responsibilities. Customer shall, in its use of the Services, Process Personal Data in accordance with the requirements of Data Protection Laws.
3.3 Neurova's Responsibilities. Neurova shall treat Personal Data as Confidential Information and shall only Process Personal Data on behalf of and in accordance with Customer's documented instructions.
Neurova implements and maintains appropriate technical and organizational security measures to protect Personal Data from Security Incidents and to preserve the security and confidentiality of the Personal Data, in accordance with Neurova's security standards described in our Privacy Policy and security documentation.
Customer agrees that Neurova may engage Subprocessors to Process Personal Data on Customer's behalf. The Subprocessors currently engaged by Neurova and authorized by Customer include:
Neurova shall, to the extent legally permitted, promptly notify Customer if Neurova receives a request from a Data Subject to exercise their rights (to access, correct, amend, or delete personal data). Neurova shall provide reasonable assistance to Customer in the fulfillment of Customer's obligation to respond to a Data Subject Request.
This DPA shall remain in effect for as long as Neurova carries out Personal Data Processing operations on behalf of Customer or until termination of the Neurova Terms of Service.