Customer Agreement Changes

This page tracks updates to the legal documents and policies governing SOVA Systems’ products, services, and websites. Each entry summarizes what changed, when the change took effect, and what (if any) action is required by SOVA Customers and Users.

For an overview of SOVA’s current privacy practices, see the SOVA Privacy Center. For an overview of the documents involved in a SOVA contract, see SaaS Contracting at SOVA.

Changes posted May 7, 2026

SOVA Systems published updates to the Master Services Agreement, new shipping-related legal documents, and refreshed several support articles effective May 7, 2026. These changes build on the May 6, 2026 legal refresh and introduce a new addendum-gated model for the shipping facilitation features within the Lost and Found module.

Master Services Agreement v2026.2

• Section 1 (Structure) — Addenda (Shipping Services Addendum, Data Processing Agreement, Biometric Addendum) are now formally enumerated in the document hierarchy and slotted into the conflict-of-priority clause. Executed addenda take priority over the MSA with respect to their specific subject matter.
• Section 13 (Lost and Found Module) — Rewritten to separate the Lost and Found data terms (which apply to all L&F customers) from the shipping terms (which apply only to customers who execute the Shipping Services Addendum). Customers who use L&F without SOVA’s shipping features are not subject to the Shipping Services Addendum.
• Exhibit A, Section 2 — Cross-reference for the Lost and Found Module updated to reference the Shipping Services Addendum.
• Exhibit G (Lost and Found SPD) — Slimmed from 11 sections to 3 sections. Shipping workflow, payment processing, carrier responsibility, insurance, scenarios, shipping indemnification, and shipping warranty disclaimer have been relocated to the Shipping Services Addendum. New sections added for Customer use of external shipping (acknowledging customers who ship through their own means) and the Shipping Services Addendum bridge clause (execution-gated, audit-logged enablement, mirroring the Biometric Addendum pattern from Section 11).
• Signature block — Entity name corrected from “SOVA SYSTEMS, INC.” to “SOVA SYSTEMS, LLC” to match the California Secretary of State filing and the opening paragraph of the Agreement.

New shipping documents

• Shipping Services Addendum v2026.2 — New addendum governing the shipping facilitation features of the Lost and Found module. The Addendum is executed by Customer and SOVA before SOVA enables the shipping feature, following the same pattern as the Biometric Addendum. Covers the shipping workflow, role allocation and custody, Customer packaging and weighing obligations, in-platform attestations, guest authorization chain, item verification, third-party carriers, optional shipping insurance (XCover via Shippo), declared value limits ($5,000 USD maximum), prohibited and restricted items (including alcohol, cannabis/CBD, aerosols, and tobacco), lithium battery and hazardous materials requirements (49 CFR §173.185), prescription medication and controlled substance restrictions (DEA Schedules I–V prohibited; non-controlled Rx in original pharmacy packaging only), international shipments and OFAC sanctions compliance, payment processing and PCI architecture (SAQ-A scope), scenarios and liability allocation, limitation of liability, indemnification, and guest-facing shipping terms.
• Shipping Terms & Authorization — New guest-facing click-through terms presented to hotel guests before completing payment for return-to-guest shipments. Covers authorization of the charge, item identification (photo verification where available), guest representation about package contents (lithium batteries, alcohol, cannabis, controlled substances, aerosols named in plain English), optional shipping insurance, custody and risk of loss, delivery estimates, international shipment duties, refund and chargeback procedures, privacy (Stripe handles payment; cross-reference to Services Privacy Policy), limitation of liability, and governing law.

Privacy policy updates

• Website Privacy Policy — Minor edit: Service Providers clause updated for parallelism with the Services Privacy Policy (“and to apply appropriate confidentiality and security protections” added).
• Services Privacy Policy — Minor edit: CovidSurveyUser cookie disclosure removed from the “Optional Customer features” subsection, as the COVID health-screening survey feature is no longer deployable to Customers.

Platform changes

• Lost & Found inquiry modals — The terms and privacy notice presented to guests submitting a lost-item inquiry have been refreshed. Checkbox label updated to “I have read and agree to the Lost & Found Inquiry Terms and the Privacy Notice.” Modal content aligned with the May 2026 privacy policies. Duplicate modal ID fixed. Old shipping article URL replaced with the new Shipping Services Addendum URL. Privacy contact updated to privacy@sovasystems.com.
• Shipping payment workflow — The “View full terms of service” link on the guest payment page has been renamed to “Shipping Terms & Authorization” and now opens the updated guest-facing terms. Adjacent text near the payment button references the terms by name.

Support articles refreshed

• E-Sign Consent for Electronic Communications — Refreshed to match the May 2026 document family. Entity reference corrected. Tax documents bullet removed. Microsoft Edge added to supported browsers. Email option added for paper-copy requests and consent withdrawal. Privacy cross-references added.
• Mobile Alerts Terms — Full rewrite replacing the January 2020 version. Arbitration clause and class action waiver removed (disputes now governed by California courts, aligned with MSA §31). Message types accurately described as operational only (no marketing). Message frequency updated to 5–15 per month. Autodialer consent language removed (not applicable post-Duguid). Consumer indemnification clause removed. Privacy cross-reference added.
• Shared Responsibility with SOVA — Full rewrite aligned to MSA v2026.2. Data retention and disposal description corrected to match MSA §§26–27. New Feature-Specific Responsibilities table covering biometric features, AI features, location tracking, shipping services, driver license scanning, and audio/video/image capture. Operational Support Team access controls and development environment data masking added. MDM vendor recommendation removed. Contact emails updated.
• Security Best Practices for SOVA Customers — Full rewrite. Password guidance updated to NIST 800-63B. New sections for shipping-specific guidance (lithium batteries, prohibited items, package security), AI features (including warning against pasting SOVA data into external AI tools), and privacy cleanup. Driver license section updated for the platform’s DL scanning feature. HIPAA references reframed. GDPR privacy cleanup tool documented with correct URL. MDM sales pitch removed. Yubikey promise removed.

Documents retired

• SOVA Appliance Hardware Policy (April 2018) — superseded by Exhibit C (Hardware SPD) in the MSA.
• CoBrowse and ScreenShare Consent Agreement — superseded by Exhibit D (Support SPD) in the MSA and by the in-session consent UX.

What action, if any, is required

SOVA Customers under existing Master Services Agreements (v2026.1): Your existing agreement remains in effect. The MSA v2026.2 changes will apply at your next renewal or upon execution of the Shipping Services Addendum, whichever comes first. The refreshed support articles and privacy policy updates are effective immediately.

SOVA Customers currently using the shipping feature: SOVA will contact you to execute the Shipping Services Addendum. The shipping feature will continue to operate during this transition period. Once the Addendum is executed, your use of the shipping feature is governed by the Addendum.

SOVA Customers signing new agreements: New agreements signed on or after May 7, 2026 will be on the Master Services Agreement v2026.2. Customers electing to use the shipping feature will execute the Shipping Services Addendum at the time of enablement.

SOVA Customers who use Lost and Found but ship through their own means: No action is required. The Shipping Services Addendum applies only to customers who use SOVA’s integrated shipping features. Exhibit G (Lost and Found SPD) now explicitly acknowledges external shipping and confirms that SOVA has no role in or responsibility for shipments processed outside the SOVA platform.

Visitors to the SOVA support site: No action is required. The refreshed support articles are informational guidance and do not impose new obligations.

Changes posted May 6, 2026

SOVA Systems published a comprehensive refresh of its customer-facing legal documents and privacy policies effective May 6, 2026. This refresh aligns SOVA’s legal documents with SOVA’s current operating entity (SOVA Systems LLC, a California limited liability company), current privacy law (CCPA/CPRA and other U.S. state privacy laws), current product capabilities (including biometric features, driver license scanning, audio and video capture, and machine learning), and current customer base.

Customer agreements

• Master Services Agreement v2026.1 — significant update reflecting the current entity, refreshed warranty and liability provisions, new sections on data privacy and protection (Section 7), biometric data (Section 11), open source components, alpha environment use, and operational continuity. Replaces all prior versions of the SOVA Master SaaS Agreement.
• Data Processing Agreement v2026.1 — new comprehensive DPA addressing CCPA/CPRA, VCDPA, CPA, CTDPA, UCPA, TDPSA, OR, MT, and other U.S. state privacy laws. Includes 72-hour security incident notification, technical and organizational measures, subprocessor terms, and references to the Subprocessor list. Supersedes the prior “Data Processing and Security Terms.”
• Biometric Data Addendum — new addendum that is executed alongside the MSA and DPA when a Customer elects to enable biometric features (such as facial recognition or fingerprint authentication) at one or more sites. Biometric features remain disabled by default for all Customers and require both legal review of the applicable jurisdiction and execution of this addendum before activation.
• EU/UK Transfer Addendum — new addendum that is executed alongside the DPA where a Customer requires processing of personal data of EU, EEA, UK, or Swiss data subjects. Incorporates the European Commission’s Standard Contractual Clauses (Decision 2021/914), the UK International Data Transfer Addendum, and equivalent protections under the revised Swiss Federal Act on Data Protection.

Privacy policies

• SOVA Privacy Center — refreshed to reflect SOVA’s current US-only operations, removal of EU-U.S. Privacy Shield references, addition of U.S. state privacy law disclosures, and a new biometric processing section.
• Website Privacy Policy — major refresh covering visitors to https://sovasystems.com and https://sova.cc. Cookies Policy disclosures are now folded into this document. Removed Privacy Shield content.
• Services Privacy Policy — major refresh covering the SOVA platform. New sections cover Account Data versus Customer Data, subprocessors, cookies in the authenticated portal, location data, audio and video capture, driver license scanning, health-related information and accident reports, biometric data, and automated processing and machine learning.

Site and platform terms

• Website Terms — refresh aligning the document with the current entity and clarifying that the Site Terms cover only the public marketing website (https://sovasystems.com and https://sova.cc) and not the authenticated SOVA platform.
• Platform User Agreement — substantial rewrite of the document formerly titled “User Terms of Service” or “Terms for User Sites.” The new agreement is purpose-built for SOVA’s authenticated platform and includes explicit acknowledgements regarding location tracking, audio and video capture, biometric data, and account credentials. The mandatory arbitration provision and AAA arbitration mechanism in the prior version have been removed; disputes are now governed by California law and resolved in San Diego, California courts. The class action waiver remains. Federal Government Use language has been narrowed.

Documents retired

The following articles have been retired as part of this update:

• Privacy Shield Policy — superseded; SOVA does not currently rely on the EU-U.S. Data Privacy Framework, the UK Extension, or the Swiss-U.S. Data Privacy Framework as a transfer mechanism.
• Cookies Policy — folded into the Website Privacy Policy and the Services Privacy Policy.
• CCPA and SOVA Systems (December 2019) — superseded by current privacy policies and the California Privacy Rights notice.
• GDPR and SOVA (December 2019) — superseded by current Privacy Center and EU/UK Transfer Addendum.
• Designate Data Protection Officers and EU Representatives — retired.

What action, if any, is required

SOVA Customers under existing Master SaaS Agreements: Your existing agreement remains in effect on its current terms. The refreshed Master Services Agreement v2026.1 will apply to new contracts and to renewals of existing contracts at the next renewal cycle. The refreshed privacy policies are effective immediately for all Customers and Users, as those policies are referenced by the agreements you have signed.

SOVA Customers signing new agreements: New agreements signed on or after May 6, 2026 will be on the Master Services Agreement v2026.1 and Data Processing Agreement v2026.1.

SOVA Customers wishing to enable biometric features: Biometric features remain disabled by default. To enable biometric features at a site, contact your SOVA representative to begin the legal review and Biometric Data Addendum execution process.

Users of the SOVA mobile applications and SOVA web portal: Users will be required to review and re-accept the refreshed Platform User Agreement at their next login on the relevant platform. The acceptance is recorded per User and per document version.

Visitors to the SOVA marketing website: No action is required. Continued use of the website indicates acceptance of the refreshed Website Terms and Website Privacy Policy.

Historical changes

Changes posted February 22, 2019

SOVA Systems updated its privacy policies on February 22, 2019. The Services Privacy Policy and the Website Privacy Policy were updated to include sections for California residents, and the policies were updated for European data protection requirements then in effect. A Privacy Shield Policy and a Cookies Policy were added at that time. (These additions have since been retired or folded into other documents as part of the May 6, 2026 update.)

Changes posted March 19, 2018

SOVA Systems updated the Master SaaS Agreement (now superseded by the Master Services Agreement) on March 19, 2018, with general improvements to the terms.

Changes posted January 1, 2018

SOVA Systems updated the Master SaaS Agreement (now superseded by the Master Services Agreement) on January 1, 2018, with general improvements to the terms. Customer terms were also updated in the Terms for User Sites (now superseded by the Platform User Agreement), and changes were made to the Privacy Statement (now superseded by the Services Privacy Policy).