What is auditable intelligence?

Every output Umergence produces is traceable to its source documents. Each claim links back to the page, paragraph, and document it came from - enabling regulatory review and human verification.

Do you train AI models on client data?

No. Client documents are not used to improve our general models, and we don't build proprietary databases from your VDR. Your competitive edge stays yours.

Is Umergence regulated?

Umergence has been FINRA-registered since 2015 and complies with GLBA / Regulation S-P financial-privacy regulations.

CCPA Service Provider Addendum

The addendum we sign with customers subject to the California Consumer Privacy Act and the California Privacy Rights Act.

This Addendum supplements the Master Services Agreement ("Agreement") between UmergenceAI ("Service Provider") and [Customer Name] ("Business") and governs the processing of Personal Information under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).

Section 1. Purpose, Scope, and Definitions

The parties acknowledge that:

Business is a "business," and Service Provider is a "service provider" under Cal. Civ. Code §1798.140(ag)
Service Provider processes Personal Information solely on behalf of Business

Key Definitions

"Personal Information" — as defined by CCPA
"Sensitive Personal Information" — as defined by CPRA
"Processing" — any operation performed on Personal Information
"Sell" / "Share" — as defined under CCPA/CPRA

Section 2. Processing Restrictions and Use Limitations

Service Provider shall process Personal Information only for the limited and specified purposes set forth in the Agreement.

2.1 Permitted Use

Service Provider may:

Process Personal Information solely to perform services for Business
Use data only as instructed by Business

2.2 Prohibited Use

Service Provider shall not:

Sell Personal Information
Share Personal Information for cross-context behavioral advertising
Use Personal Information for its own commercial purposes
Use Personal Information outside the scope of the Agreement

2.3 Data Combination Restrictions

Service Provider shall not:

Combine Personal Information with data obtained from other customers or sources
Use aggregated data in a manner that identifies individuals

2.4 No Model Training Use

Service Provider shall not use Personal Information to:

Train, fine-tune, or improve machine learning models outside the services provided to Business

Section 3. Consumer Rights and Data Lifecycle Obligations

3.1 Consumer Rights Assistance

Service Provider shall assist Business in responding to:

Right to Know / Access
Right to Delete
Right to Correct
Right to Data Portability

Upon request, Service Provider shall:

Provide relevant Personal Information
Delete or correct data as instructed
Deliver data in a structured, commonly used format

3.2 Deletion and Return

Service Provider shall:

Delete Personal Information upon Business Request
Delete or return Personal Information upon termination of the Agreement
Certify deletion upon request

3.3 Retention Exceptions

Service Provider may retain Personal Information only where:

Required by applicable law (e.g., SEC/FINRA recordkeeping)
Necessary to comply with legal obligations

Retention shall be limited to the minimum required period.

Section 4. Sub-Processors and Data Security

4.1 Sub-Processor Use

Service Provider may engage sub-processors, including:

Cloud providers (AWS, Azure, GCP)
AI/LLM providers (OpenAI, Anthropic, Google)
Security and compliance tools

4.2 Sub-Processor Obligations

Service Provider shall ensure sub-processors:

Are contractually bound to protect Personal Information
Provide equivalent levels of data protection
Do not sell or misuse Personal Information

4.3 Notice of Changes

Service Provider shall provide reasonable notice of new sub-processors where required.

4.4 Data Security Measures

Service Provider shall implement safeguards, including:

Encryption at rest (AES-256) and in transit (TLS 1.3)
Role-Based Access Controls (RBAC)
Audit logging and monitoring
Records retention and legal hold controls

These safeguards align with UmergenceAI's security framework.

Section 5. Compliance, Audit, and Legal Provisions

5.1 Compliance Certification

Service Provider certifies that it:

Understands its obligations under CCPA/CPRA
Will comply with all applicable privacy requirements

5.2 Audit and Verification Rights

Service Provider shall, upon reasonable request:

Provide documentation demonstrating compliance
Make available relevant security and compliance materials (e.g., SOC 2 reports)

5.3 Breach Notification

In the event of a security incident, Service Provider shall:

Notify Business without undue delay
Provide sufficient detail for regulatory compliance
Cooperate in investigation and remediation

5.4 Order of Precedence

This Addendum controls in the event of conflict with the Agreement regarding Personal Information.

5.5 Governing Law

This Addendum shall be governed by the laws specified in the Agreement, consistent with California law.

Signature Block

UmergenceAI

By: __________________________
Name: ________________________
Title: _________________________
Date: _________________________

[Customer Name]

By: __________________________
Name: ________________________
Title: _________________________
Date: _________________________