Data Processing Addendum

This page summarizes how Sentinel CX Pro LLC handles customer data processing, sub-processor engagement, and data protection agreements for enterprise customers. It supplements the Privacy Policy with information relevant to organizations evaluating or using Sentinel CX Pro in regulated environments.

Sentinel CX Pro LLC offers a Data Processing Addendum (DPA) to customer organizations that require written data processing terms under applicable law. The DPA is available upon request and may be executed as part of the commercial agreement.

1. Roles and Responsibilities

In most commercial arrangements, the customer organization acts as the data controller (or equivalent under applicable law) and Sentinel CX Pro LLC acts as the data processor. Sentinel CX Pro LLC processes customer data only on behalf of and under the documented instructions of the customer organization, except where required by law.

2. Data Processing Addendum

The Sentinel CX Pro DPA addresses the following areas:

• Scope and nature of processing, including categories of data subjects and types of personal data processed.
• Obligations of the processor, including data security, confidentiality, and personnel requirements.
• Sub-processor engagement, notification, and objection rights.
• Data subject rights assistance, including support for access, correction, deletion, and portability requests.
• Data breach notification procedures and timelines.
• Data return and deletion upon termination of the agreement.
• Audit rights and compliance verification.
• International data transfer mechanisms, including Standard Contractual Clauses.

3. Regulatory Alignment

The DPA is designed to support compliance with the following regulatory frameworks:

4. International Data Transfers

Customer data may be processed in the United States. Where required by applicable law, Sentinel CX Pro LLC supports international data transfers using the European Commission's Standard Contractual Clauses (Module 2: Controller to Processor), as supplemented by a Transfer Impact Assessment where applicable.

The DPA includes pre-signed SCCs that take effect upon execution of the DPA. Customer organizations do not need to negotiate SCCs separately.

5. Sub-Processors

Sentinel CX Pro LLC engages a limited number of sub-processors to provide infrastructure, security, communication, and AI processing services necessary to operate the platform. Sub-processors are engaged under written terms that impose data protection obligations materially consistent with those in the DPA.

Customer organizations with an executed DPA will receive advance notice of new sub-processor engagements and will have the right to object in accordance with the terms of the DPA.

6. Security Measures

Sentinel CX Pro LLC implements administrative, technical, and organizational security measures as described in the Security Notice. These measures are designed to protect customer data against unauthorized access, alteration, disclosure, and destruction. Specific security controls are documented in the DPA and may be provided in further detail to enterprise customers under appropriate confidentiality terms.

7. Data Retention and Deletion

Upon termination of the commercial agreement, Sentinel CX Pro LLC will make customer data available for export for a commercially reasonable period and, following that period, will delete or de-identify customer data in accordance with the DPA, subject to legal retention obligations and technical constraints related to backup systems.

8. Requesting a DPA

Customer organizations may request execution of a DPA by contacting:

• Legal: legal@sentinelcxpro.com
• Privacy: privacy@sentinelcxpro.com

The DPA is available at no additional cost to customer organizations with an active commercial agreement.