NexisBack

Data Processing Agreement (DPA)

Applies when you use Nexis to process your leads' and clients' personal information. You are the data controller; VerixLab processes data on your behalf to provide the Service.

Last updated: June 29, 2026

Effective Date: June 29, 2026 · Last Updated: June 29, 2026

Introduction

This Data Processing Agreement ("DPA") describes how VerixLab ("Processor," "we," "us") processes personal information on behalf of customers ("Controller," "you," "Agent") when you use Nexis to manage real estate lead and client communications. It supplements our Terms of Use and Privacy Policy.

When you store or process your leads', clients', or prospects' personal information in Nexis, you are typically the data controller and VerixLab acts as your data processor, processing that information only on your documented instructions through the Service.

Scope and Roles

Controller (you): The real estate agent, team, or brokerage user who determines why and how client/lead data is processed.

Processor (us): VerixLab, which hosts Nexis and processes data solely to provide the Service you configure.

Data subjects: Your leads, clients, prospects, and other individuals whose information appears in connected Gmail, WhatsApp, or workspace data.

Subject Matter and Duration

Processing relates to lead management, unified inbox, communication history, AI-assisted drafts, and related productivity features. Processing continues while your account is active and integrations remain connected, unless deleted earlier per our Data Retention Policy.

Nature and Purpose of Processing

Receiving, storing, organizing, and displaying lead and client communications

Syncing Gmail and WhatsApp threads you authorize

Generating AI-assisted draft replies and summaries for your review

Sending email or messages only after you review and approve them in Nexis

Security, troubleshooting, backups, and service improvement

Types of Personal Information

May include names, email addresses, phone numbers, message content, metadata, property interests, notes, and related CRM fields you or your integrations supply.

Processor Obligations

We will:

  • Process personal information only on your instructions through use of the Service, unless required by law
  • Not sell client/lead personal information
  • Not use Gmail data for advertising
  • Maintain reasonable technical and organizational safeguards (see Privacy Policy)
  • Assist with reasonable data subject requests where feasible and required by law
  • Notify you without undue delay if we become aware of a breach affecting personal information we process on your behalf, where legally required
  • Delete or return personal information when you delete your account or disconnect integrations, subject to retention exceptions in our policies

Controller Obligations

You will:

  • Have a lawful basis to collect and use client/lead data in Nexis
  • Comply with applicable privacy, anti-spam (including CASL), and real estate laws
  • Provide any required notices and obtain any required consents from data subjects

Acknowledge that connected Gmail and WhatsApp accounts may contain sensitive personal information and that you are responsible for having authority to process it and for your compliance obligations

Remain responsible for messages, outreach, and client communications you send through Nexis, including after granting permission for Nexis to access connected email or WhatsApp accounts

Review AI-generated drafts before sending

Not use Nexis for unlawful outreach, spam, or unauthorized data processing

Sub-processors

We use trusted sub-processors to operate Nexis, such as:

  • Google (Gmail / OAuth)
  • Meta (WhatsApp Business)
  • Supabase (database)
  • Vercel (hosting)
  • OpenAI or similar (AI drafts, when enabled)
  • Stripe (payments, when enabled)
  • Resend or similar (transactional email)
  • We require sub-processors to protect personal information under contractual obligations appropriate to their role. Data may be processed in Canada, the United States, or other jurisdictions where these providers operate.

International Transfers

Where personal information is transferred across borders, we take reasonable steps to implement appropriate safeguards, such as contractual protections with service providers, consistent with applicable law.

Audits and Information

Upon reasonable written request, we will provide information necessary to demonstrate compliance with this DPA, subject to confidentiality and security constraints.

How to Execute or Request a Signed Copy

This online DP applies when you use Nexis to process client/lead data. For a countersigned copy (for example, for your brokerage), email verixlabsai@gmail.comwith the subject "DP request."

Contact

VerixLab A· verixlabsai@gmail.com

This document is provided for transparency and operational purposes. It is not legal advice. Consider having a qualified lawyer in Ontario review this document before public launch.

See also

Privacy PolicyTerms of UseCookie PolicyData RetentionRefunds & CancellationData Processing Agreement