Data Processing Agreement
Current as of June 29, 2026
This Data Processing Agreement ("DPA") applies where CoreTV LLC processes personal data on your behalf — for example, the leads, contacts, messages, bookings, and call transcripts captured by the websites, CRMs, chatbots, and AI receptionists we build and operate for you. It forms part of, and is governed by, our Terms of Service.
1. Roles of the parties
For personal data relating to your business's own customers and contacts, you are the "Controller" (you decide why and how it is processed) and CoreTV LLC is the "Processor" (we process it on your documented instructions to provide the service). For data about your own account and our direct relationship with you, CoreTV LLC acts as Controller under our Privacy Policy.
2. Subject matter, duration & purpose
We process personal data only to provide and support the services you have engaged us for — hosting and operating your site or app, capturing and routing leads, running your chatbot or AI receptionist, sending the email/SMS workflows you configure, and related support. Processing lasts for the term of your services plus any limited retention described below.
3. Categories of data & data subjects
Depending on what you configure, this may include: identifiers and contact details (names, emails, phone numbers), lead and enquiry details, appointment and booking data, call and chat transcripts, and usage/analytics data. Data subjects are typically your customers, prospects, and site visitors. You agree not to route special-category or highly sensitive data through the services unless expressly scoped and agreed.
4. Our obligations as processor
We will: process personal data only on your documented instructions; ensure people authorized to process it are bound by confidentiality; implement appropriate technical and organizational security measures; assist you, taking into account the nature of processing, with data-subject requests and your own compliance obligations; and make available the information reasonably needed to demonstrate compliance.
5. Subprocessors
CoreTV LLC uses vetted subprocessors to deliver the services — for example, cloud hosting and database providers, email/SMS delivery, payment processing, and AI model providers. We require subprocessors to offer data-protection terms consistent with this DPA and remain responsible for their performance. A current list is available on request, and we will give notice of intended changes so you can object.
6. Security measures
We maintain measures appropriate to the risk, including encryption in transit (SSL/TLS), access controls and least-privilege, network and dependency hardening, monitoring, and regular backups with restore procedures. Security is reviewed and updated as the threat landscape changes.
7. Data-subject rights
We provide tooling and reasonable assistance so you can respond to data-subject requests — access, correction, deletion, portability, and objection — within the timeframes the law requires. Where a request reaches us directly about your data, we refer it to you as Controller.
8. Breach notification
If we become aware of a personal-data breach affecting data we process for you, we will notify you without undue delay and provide the information reasonably available to help you meet your notification obligations.
9. Return & deletion
On termination, and at your choice, we will return or delete the personal data we process for you, except where retention is required by law. Routine backups are cycled out on our standard schedule.
10. International transfers
Where personal data is transferred across borders, we rely on a lawful transfer mechanism appropriate to the destination and the data involved, and require our subprocessors to do the same.
Download this document
Save a PDF copy for your records.
Questions about this document? Email legal@core.example — a human reads it.