← Back to minlora
⚠️ Draft — requires legal review before production use.

Data Processing Agreement

Effective Date: 2026-05-27

Last Updated: 2026-05-27

1. Introduction

This Data Processing Agreement ("DPA") forms part of the Terms of Service between the customer ("Controller") and Minlora ("Processor"). It governs the processing of personal data carried out by Minlora on behalf of the customer in connection with the minlora platform. هذه الوثيقة قيد المراجعة القانونية / This document is under legal review.

2. Subject Matter and Duration

Minlora processes personal data submitted by the customer (employees, contacts, meeting participants) solely to deliver the minlora platform services. Processing continues for the duration of the subscription and ceases upon contract termination, after which data is deleted within 30 days unless retention is legally required.

3. Obligations of the Processor

  • Process personal data only on documented instructions from the Controller.
  • Ensure that authorised personnel are bound by confidentiality obligations.
  • Implement appropriate technical and organisational security measures (encryption at rest and in transit, access controls, audit logging).
  • Assist the Controller in responding to data subject rights requests within required timescales.
  • Notify the Controller without undue delay upon becoming aware of a personal data breach.
  • Delete or return all personal data upon termination of services.

4. Sub-processors

Minlora uses the following sub-processors to deliver its services. The Controller authorises their use by accepting the Terms of Service:

  • Anthropic — AI model inference (Claude API). Data: message content.
  • Supabase — Database, authentication, and file storage. Region: eu-central-1 (Frankfurt).
  • Vercel — Application hosting and serverless functions.
  • Stripe / Moyasar — Payment processing.
  • Resend — Transactional email delivery.

We will notify the Controller of any intended changes to sub-processors at least 14 days in advance.

5. International Data Transfers

Personal data is stored in the EU (Frankfurt, Germany) to comply with PDPL and GDPR cross-border transfer requirements. Where transfers to third countries are necessary (e.g., Anthropic API calls), they are covered by appropriate safeguards such as Standard Contractual Clauses (SCCs).

6. Contact

For DPA-related enquiries or to execute a signed DPA for enterprise customers, contact privacy@minlora.com.

For inquiries: privacy@minlora.com