SOVA Privacy Center

SOVA Privacy Center


LAST UPDATED: February 22, 2019

Welcome to the SOVA Privacy Center!

SOVA respects the privacy of everyone that engages with our platform, and we are committed to being transparent about our privacy processes and policies. In order to provide our services to our users, we collect and process personal data.


The SOVA Privacy Center contains the answers to frequently asked questions about how we collect and use personal data, the rights that individuals have in relation to personal data held by SOVA, and how SOVA complies with international data protection laws.

Privacy FAQs

  1. What is the GDPR?
  2. How can I exercise my data subject access rights under the GDPR?
  3. Does SOVA retain personal data?
  4. Does SOVA have a Data Protection Officer (DPO)?
  5. Who are SOVA’s sub-processors and how are they vetted?
  6. What is a Data Processing Agreement (DPA) and how can I get one with SOVA?
  7. How does SOVA transfer European personal data?


1. What is the GDPR?

The General Data Protection Regulation (EU) 2016/679 ("GDPR") is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). Additionally, it addresses the export of personal data outside the EU and EEA areas. The GDPR aims primarily to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

2. How can I exercise my data subject access rights under the GDPR?

Under the General Data Protection Regulation (GDPR), residents of the EU may exercise certain rights regarding their personal data. If you would like to make a data subject access request, please contact privacy@sovasystems.com.

3. Does SOVA retain personal data?

SOVA retains transaction records for a prescribed period of time. Read more about our data retention process in our Website Privacy Policy. If you are a current Customer of SOVA, please read our Services Privacy Policy.

4. Does SOVA have a Data Protection Officer (DPO)?

No, SOVA does not have a DPO. We evaluate our business needs regularly and monitor changes in EU law to ensure we remain compliant.

5. Who are SOVA’s sub-processors and how are they vetted?

SOVA identifies, evaluates, and engages sub-processors through our vendor management program. We enter into a contract with each sub-processor prior to sharing data with the sub-processor, and each contract contains terms that provide for monitoring and audit. In addition, all potential vendors are vetted and approved through SOVA’s security review process before we begin using their services.


We maintain a list of our current sub-processors. (NEED LINK)

6. What is a Data Processing Agreement (DPA) and how can I get one with SOVA?

A data processing agreement is a contract between a data controller and a data processor, which describes the roles and responsibilities of the parties when personal data is processed. Article 28 of the GDPR sets out a number of requirements that a data processing agreement must satisfy in order to be compliant with European data privacy law.


We have made a Data Processing Agreement (DPA) available to SOVA Customers. When you’re logged in to your SOVA account, you can review and accept the SOVA DPA. If you are not yet a Customer of SOVA but wish to review the DPA prior to engaging with us, please sent a request to privacy@sovasystems.com.

7. How does SOVA transfer European personal data?

At SOVA we care deeply about the protection of our users’ data and we’ve looked closely at how to ensure that we remain compliant with evolving European law regarding transfers of European personal data.


SOVA’s services in Europe are provided by SOVA, an entity located in the United States. In providing SOVA Services, personal data is transferred from the EU to a sub-processor in the U.S. To ensure the adequate protection of personal data, we have certified to the EU-U.S. and Swiss-U.S. Privacy Shield Framework. For more information, please read our Privacy Shield Policy. In addition to Privacy Shield, SOVA continues to employ additional compliance measures to ensure an adequate level of protection of personal data transferred outside the European Economic Area.

Our aim is to ensure that SOVA remains compliant with European data protection laws and also to assist our users in doing so. If you have additional questions, please contact us.

    • Related Articles

    • California Privacy Rights

      Categories of personal information we collect We collect information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular ...

    • Data Processing and Security Terms

      Terms last modified: January 31, 2020 The customer agreeing to these terms ("Customer"), and SOVA Systems or any other entity that directly or indirectly controls, is controlled by, or is under common control with SOVA Systems (as applicable, ...

    • Approved Mobile Devices For SOVA

      Updated 03-03-2021 SOVA was developed from it's inception to work well with low-end phones. The goal was to give our clients a way to get a replacement device quickly on their own, to minimize the impact on their security operation. Some competing ...

    • Privacy Shield Policy

      LAST UPDATED: February 25, 2019   SOVA Systems (“SOVA”, “we”, “our” or “us”) has subscribed to the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (collectively, “Privacy Shield”). SOVA adheres to the Privacy Shield ...

    • Privacy Statement 2017

      Last updated February 21, 2019 SOVA cares about your privacy SOVA Systems and its subsidiaries (sometimes referred to herein as SOVA or SOVA Systems) are committed to protecting the privacy of individuals who visit SOVA’s websites and interact with ...