Ten Four

Data Processing and Security Addendum

Last updated: May 5, 2026 · Effective

This Data Processing and Security Addendum ("Addendum") forms part of the Ten Four Terms of Service or other agreement between Bring Corp, doing business as Ten Four ("Ten Four," "we," "us," or "our"), and the account using the Services ("Account," "you," or "your").

This Addendum applies when Ten Four processes End Customer Personal Data in connection with providing the Services to Account.

1. Definitions

Agreement means the Ten Four Terms of Service, this Addendum, any applicable order form, and any other written agreement between Ten Four and Account.

Applicable Privacy Law means privacy, data protection, data security, breach notification, consumer protection, electronic communications, and similar laws that apply to the processing of End Customer Personal Data under the Agreement.

Account Data means information provided by or on behalf of Account to Ten Four in connection with the Services.

End Customer means a homeowner, property owner, tenant, customer, or other person who communicates with, pays, requests service from, or otherwise interacts with Account through Ten Four.

End Customer Personal Data means personal information or personal data about End Customers that Ten Four processes in connection with the Services.

Process or Processing means any operation performed on personal data, including collection, use, storage, transmission, disclosure, retrieval, deletion, transcription, summarization, routing, analysis, or other handling.

Security Incident means a confirmed unauthorized access to, acquisition of, disclosure of, alteration of, or loss of End Customer Personal Data in Ten Four's possession or control.

Services means the Ten Four services provided under the Agreement.

Subprocessor means a third party engaged by Ten Four to process End Customer Personal Data to provide the Services.

2. Roles of the Parties

For End Customer Personal Data processed to provide Services to Account:

  • Account is generally the controller, business, or equivalent responsible party.
  • Ten Four is generally the processor, service provider, or equivalent service provider acting on behalf of Account.
  • Ten Four will process End Customer Personal Data to provide, secure, support, bill for, maintain, and improve the Services as permitted by the Agreement.

Ten Four may act as an independent controller, business, or equivalent responsible party for account, billing, security, analytics, legal compliance, fraud prevention, abuse prevention, service diagnostics, business operations, and relationship-management data, as described in the Privacy Policy.

3. Account Instructions

Account instructs Ten Four to process End Customer Personal Data as reasonably necessary to:

  • Provide the Services.
  • Receive, send, store, route, and manage customer communications.
  • Process SMS, MMS, photos, calls, voicemails, transcripts, scheduling requests, approvals, invoices, payment links, and related workflows.
  • Support AI-assisted features, including message classification, summaries, suggested replies, automated replies, scheduling support, and workflow assistance.
  • Facilitate customer payments through third-party payment processors.
  • Provide support, troubleshooting, security, billing, and account administration.
  • Comply with the Agreement, applicable law, and lawful instructions.

Account is responsible for ensuring its instructions are lawful.

4. Account Obligations

Account is responsible for:

  • Its relationship with End Customers.
  • Providing legally required notices and obtaining legally required consents.
  • Ensuring Ten Four may lawfully process End Customer Personal Data for the Services.
  • Responding to End Customer privacy requests when Account is the responsible controller or business.
  • Ensuring customer communications through Ten Four are lawful and service-related.
  • Ensuring any call recording, voicemail, transcription, messaging, or automated communication use complies with laws applicable to Account.
  • Using the Services in accordance with the Agreement and applicable law.

5. Ten Four Processing Obligations

Ten Four will:

  • Process End Customer Personal Data in accordance with the Agreement and Account's lawful instructions.
  • Require personnel who access End Customer Personal Data to protect it appropriately.
  • Use reasonable administrative, technical, and physical safeguards designed to protect End Customer Personal Data.
  • Assist Account with privacy requests and compliance obligations where required by Applicable Privacy Law and reasonably possible.
  • Notify Account of a Security Incident as required by applicable law and the Agreement.
  • Use Subprocessors as described in this Addendum.
  • Delete or return End Customer Personal Data as described in this Addendum, the Privacy Policy, and applicable law.

6. Security Measures

Ten Four will maintain reasonable safeguards appropriate to the nature of the Services and the information processed. These safeguards may include:

  • Access controls.
  • Authentication controls.
  • Encryption in transit where reasonably appropriate.
  • Logging and monitoring.
  • Backup and recovery practices.
  • Vulnerability management.
  • Personnel access restrictions.
  • Vendor and Subprocessor review.
  • Incident response procedures.
  • Administrative policies and procedures.

No security program can guarantee absolute security.

7. Payment Data

Customer credit card payments are processed by third-party payment processors such as Stripe. Ten Four does not intentionally store full credit card numbers, CVV codes, or full payment credential data.

Ten Four may process and store limited payment metadata, such as invoice status, payment status, transaction IDs, payment processor identifiers, timestamps, card brand, last four digits, dispute status, refund status, and related records.

Account remains responsible for the services sold to End Customers, customer disputes, refunds, chargebacks, taxes, and payment-related issues connected to Account's services.

8. AI Processing

Account acknowledges that End Customer Personal Data may be processed by AI systems to provide the Services. This may include SMS/MMS threads, photos, job descriptions, voicemails, voicemail transcripts, call transcripts, customer requests, prompts, classifications, summaries, suggested replies, automated replies, and workflow decisions.

Ten Four will not intentionally authorize third-party AI providers to use End Customer Personal Data to train general-purpose AI models unless Ten Four discloses that use or obtains appropriate authorization.

Ten Four will use commercially reasonable efforts to select AI providers and settings that do not use customer content for model training by default.

AI providers may process and temporarily retain data for service delivery, security, abuse prevention, debugging, legal compliance, or other purposes described in their applicable terms.

9. Subprocessors

Account authorizes Ten Four to use Subprocessors to provide the Services.

Subprocessors may include providers for:

  • Communications, SMS, MMS, voice, and phone numbers.
  • Payment processing.
  • Hosting, database, storage, and infrastructure.
  • Address verification and mapping.
  • Tax calculation support.
  • AI and machine-learning processing.
  • Transcription.
  • Email and authentication.
  • Analytics, logging, monitoring, customer support, and security.
  • Professional services, such as legal, accounting, and audit support.

Ten Four is responsible for requiring Subprocessors to protect End Customer Personal Data in a manner appropriate to their role and the services they provide.

Ten Four may add, replace, or remove Subprocessors as the Services evolve. Ten Four will provide notice of material Subprocessor changes where required by applicable law or a written agreement.

10. Security Incident Notice

If Ten Four becomes aware of a Security Incident, Ten Four will notify Account without undue delay and as required by applicable law.

The notice may include, as available and appropriate:

  • A description of the incident.
  • The types of information involved.
  • The known or likely impact.
  • Steps taken or planned by Ten Four.
  • Information reasonably needed for Account to meet its legal obligations.

Ten Four's notice of a Security Incident is not an admission of fault or liability.

11. Assistance With Privacy Requests

Where required by Applicable Privacy Law and reasonably possible, Ten Four will assist Account in responding to End Customer requests to access, correct, delete, restrict, or obtain a copy of End Customer Personal Data.

Account is responsible for verifying the request, determining whether the request must be honored, and responding to the End Customer unless Ten Four is legally required to respond directly.

12. Deletion and Retention

Ten Four will retain End Customer Personal Data for as long as reasonably necessary to provide the Services, operate our business, comply with legal obligations, resolve disputes, enforce agreements, maintain security, prevent fraud or abuse, support payment and tax records, and create business records.

Upon termination of the Agreement, Ten Four may delete, return, archive, or retain End Customer Personal Data as described in the Privacy Policy and as reasonably necessary for legal, security, backup, dispute, compliance, accounting, and legitimate business purposes.

13. Confidentiality

Ten Four will treat End Customer Personal Data as confidential and will not use or disclose it except as permitted by the Agreement, the Privacy Policy, this Addendum, Account's lawful instructions, or applicable law.

14. No Sale of End Customer Personal Data

Ten Four will not sell End Customer Personal Data for money.

Ten Four will not share mobile phone numbers or SMS consent information with third parties or affiliates for their own marketing or promotional purposes.

15. Audits and Information Requests

Upon reasonable written request, Ten Four will provide information reasonably necessary to demonstrate compliance with this Addendum, subject to confidentiality, security, legal, and operational limits.

Ten Four may satisfy audit requests by providing security summaries, policies, certifications, questionnaires, or similar information.

16. International Processing

Ten Four is based in the United States. End Customer Personal Data may be processed in the United States and other countries where Ten Four or its Subprocessors operate.

17. Changes to This Addendum

Ten Four may update this Addendum from time to time. Material updates will be handled as described in the Terms of Service or applicable written agreement.

18. Conflict

If this Addendum conflicts with the Terms of Service, the Terms of Service control unless this Addendum expressly states otherwise for data-processing matters.

19. Contact Us

Bring Corp / Ten Four
1907 S Le Homme Dieu Dr NE
Alexandria, MN 56308
legal@tenfour.chat
www.tenfour.chat