Global Data Residency & Compliance Policy

Last Updated: 16th February 2026

This Global Data Residency & Compliance Policy describes how GoVivace Inc. (“GoVivace,” “we,” “us,” or “our”) collects, stores, processes, transfers, and protects your personal data in connection with our services (“Services”), and explains your privacy rights and how the applicable data protection laws (including GDPR) are satisfied through our global and localized infrastructure.

1. Introduction

GoVivace is committed to protecting your privacy and ensuring compliance with global and local data protection laws in all regions where we operate. Whether you are accessing our Services from North America, the European Union, India, or elsewhere, this policy outlines your rights and how we meet regional requirements such as the General Data Protection Regulation (GDPR) and other applicable data protection and residency expectations.

2. Data Residency & Sovereign Deployments

While our primary cloud infrastructure is US-based, GoVivace understands that many customers require geographic data control and jurisdictional autonomy for regulatory, compliance, or contractual reasons.

GoVivace supports the following deployment options:

• Our Public Cloud (US-based)
• Private Cloud Deployments hosted by you
• Our Sovereign Regional Server Deployments, including but not limited to:
  • India Sovereign Hosting
  • EU-Localized Hosting

These options allow your organization to ensure 100% jurisdictional data autonomy and residency in the region where your business or customers operate, helping to meet data sovereignty and legal requirements of local authorities. Data stored in these sovereign deployments remains under the applicable region’s governing laws and is processed only within that jurisdiction unless otherwise agreed in writing.

3. Information We Collect and Use

We collect personal information that you voluntarily provide and other technical information (such as IP address, device characteristics, browser type) necessary to deliver, secure, and improve the Services. Personal data is only processed for legitimate business purposes, such as delivering the Services, security, analytics, and compliance with legal obligations.

4. GDPR Compliance & EU Data Protection

GoVivace is committed to meeting the requirements of the General Data Protection Regulation (GDPR) for individuals located in the European Economic Area (EEA), United Kingdom, and Switzerland. GDPR applies to any entity – including those outside the EU – that processes personal information of EU residents.

Key GDPR Compliance Practices

• Lawfulness, Fairness & Transparency:
  We process personal data on lawful bases such as consent, contract necessity, or legitimate interest and provide transparency through this policy.
• Purpose Limitation & Minimization:
  We collect only data necessary for the purposes outlined and do not use data for unrelated purposes without additional notice and consent.
• Data Subject Rights:
  You have rights including: access, correction, deletion, restriction, portability, and objection. Exercise these rights via our contact information below.
• Data Security:
  We implement appropriate technical and organizational measures to protect data against unauthorized access, loss, or misuse.
• International Transfers:
  Personal data may be transferred to locations outside the EEA only when appropriate safeguards (such as EU Standard Contractual Clauses or deployment in EU-localized servers) are implemented to ensure equivalent protection rights.
• Data Processing Agreements:
  In situations where GoVivace acts as a data processor, we enter into GDPR-compliant data processing agreements (DPAs) with our customers detailing obligations and responsibilities.

5. How and Where Your Data is Stored

Data collected through our Services may be stored and processed in multiple locations:

• US Public Cloud Infrastructure — default environment
• Region-Specific Sovereign Deployments — upon contractual agreement

Choosing a sovereign region-specific deployment ensures compliance with local data residency requirements and can simplify adherence to regional regulations such as GDPR, India’s evolving privacy laws, or other jurisdictional mandates.

6. Cookie and Tracking Technologies

GoVivace uses cookies and similar tracking technologies to ensure the proper functioning of our websites and to improve user experience.

Cookies may be used to:

• Enable core website functionality
  
• Maintain session security
  
• Analyze website usage and performance
  
• Improve content relevance and usability
  

Cookies do not collect information that directly identifies you unless you voluntarily provide such information.

You may control or disable cookies through your browser settings. Please note that disabling certain cookies may impact website functionality.

Where required by applicable law, consent for non-essential cookies is obtained through appropriate mechanisms.

7. Information Security & ISO 27001 Alignment

GoVivace follows industry-recognized security practices to protect customer data from unauthorized access, loss, misuse, or disclosure.

Our security controls are aligned with the principles of ISO/IEC 27001, including:

• Access control and authentication mechanisms
  
• Encryption of data at rest and in transit
  
• Secure development and change management practices
  
• Continuous monitoring and incident response procedures
  
• Role-based access and least-privilege enforcement
  

These controls are designed to safeguard personal and enterprise data across cloud, private, and sovereign deployment models.

8. Transfer of Information

Due to the global nature of our operations, personal information may be transferred to and processed in countries other than the one in which it was originally collected.

When such transfers occur, GoVivace ensures that:

• Transfers are conducted in accordance with applicable data protection laws
  
• Appropriate safeguards are in place, such as contractual protections or region-specific deployments
  
• Data is transferred only for legitimate business purposes
  

For customers requiring strict data residency, GoVivace offers private, regional, or sovereign deployment options to minimize or eliminate cross-border data transfers.

9. Processing of Information by Third Parties

GoVivace may engage trusted third-party service providers (“Sub-processors”) to support the delivery and operation of our services. These may include providers for infrastructure, analytics, customer support, or operational tooling.

When engaging third parties:

• Processing is limited to the specific services they provide
  
• Sub-processors are contractually obligated to protect data confidentiality and security
  
• Third parties may not use personal data for their own purposes
  
• Access is restricted to what is necessary to perform agreed services
  

GoVivace remains responsible for ensuring that third-party processing complies with applicable privacy and data protection requirements.

A list of sub-processors may be made available upon request, subject to contractual obligations.

10. Your Rights & How to Exercise Them

Depending on your region, you may have the right to:

• Access your personal data
• Correct inaccurate information
• Request deletion of your data
• Restrict or object to processing
• Receive your data in a portable format

To exercise these rights, please contact us at the email address listed in Section 10.

11. Changes to this Policy

GoVivace may update this policy to reflect changes in legal requirements, our Services, or deployment options. We will indicate the updated “Last Updated” date at the top of this page when significant changes occur.

12. Contact & Data Protection Officer (DPO)

If you have questions about this policy, want to exercise your rights, or need assistance with compliance matters, please contact:

Email: support@govivace.com
GDPR/DPO Contact: (If applicable, list GDPR representative information for EU and UK compliance)

13. Acknowledgements & Legal Basis

By using GoVivace’s Services, you acknowledge that your personal data will be handled in accordance with this Global Data Residency & Compliance Policy. We strive to provide transparency, regional compliance support, and flexible deployment options that align with your regulatory needs.