Data Processing Agreement
This Data Processing Agreement (“DPA”) forms part of the agreement between Navira Quality Systems Pvt Ltd (“Processor”), which owns the Verixa platform, and the customer (“Controller”) for the use of the Verixa platform. The Processor engages Sense7ai, its implementation partner, as a sub-processor.
Scope of Processing
The Processor processes personal data on behalf of the Controller solely for the purpose of providing the Verixa platform and related services as described in the applicable service agreement.
Security Measures
The Processor implements appropriate technical and organizational measures including encryption, access controls, data isolation, and regular security assessments. The platform architecture includes tenant-level data isolation with row-level security.
Data Subject Rights
The Processor assists the Controller in fulfilling data subject rights requests including access, rectification, erasure, and portability, as required by applicable data protection laws.
Sub-processors
The Processor engages sub-processors to support delivery of the Verixa platform, including: Sense7ai (implementation partner — platform engineering and operations); Anthropic (AI / LLM model services); and Amazon Web Services (cloud hosting and infrastructure), among others. Each sub-processor is bound by written data-protection obligations no less protective than those set out in this DPA. The Processor remains responsible for the performance of its sub-processors and will inform the Controller of any intended changes concerning the addition or replacement of sub-processors.
Audit Rights
Upon reasonable prior notice, the Controller may audit, or request documentary evidence of, the Processor’s compliance with this DPA, including relevant certifications, reports, and records of processing. Audits shall be conducted during normal business hours, with minimal disruption to operations, and subject to applicable confidentiality obligations.
Breach Notification
The Processor shall notify the Controller without undue delay, and in any event within 72 hours, of becoming aware of a personal-data breach affecting the Controller’s personal data. Such notification shall describe the nature of the breach, the categories and approximate number of data subjects affected, the likely consequences, and the measures taken or proposed to address it.
Termination
Upon termination or expiry of the applicable service agreement, the Processor shall, at the Controller’s election, return or securely delete all personal data processed on behalf of the Controller, and delete existing copies unless retention is required by applicable law. The Processor shall, upon request, certify in writing that such return or deletion has been completed.
Contact
For DPA inquiries, contact us at dpa@verixa.ai.
© 2026 Navira Quality Systems Pvt Ltd. All rights reserved.