Data Processing Agreement (DPA)
Last Updated: November 20, 2025
This DPA forms part of AZinMENU's Terms and applies when AZinMENU processes Personal Data on behalf of businesses (Data Controllers).
1. Definitions
Data Controller:
The business using AZinMENU.
Data Processor:
AZinMENU.
Personal Data:
Any identifiable customer or business information.
Processing:
Any operation involving personal data.
2. Processor Obligations
We will:
- Process data only under your instructions
- Implement technical and organizational security measures
- Maintain confidentiality
- Assist with GDPR/NDPR compliance requests
- Notify you of any data breach without undue delay
3. Sub-Processors
We use trusted sub-processors including:
- Supabase (database, auth, storage)
- Vercel/Orchids (hosting infrastructure)
- Email/SMS providers
- Payment processors
We ensure all sub-processors meet required privacy standards.
4. Data Transfers
Data may be transferred internationally under:
- Standard Contractual Clauses (SCCs)
- Adequacy decisions
- Similar data protection safeguards
5. Data Retention
We retain data only as long as needed for service operation or legal purposes.
6. Data Subject Rights
You (the Controller) are responsible for responding to:
- Deletion requests
- Modification requests
- Access requests
We will assist by providing system-level support.
7. Termination
When an account is deleted:
- We delete or return all Personal Data
- Backups may remain for up to 30–90 days
- Logs may be retained for security purposes
Questions about our Data Processing Agreement?
Contact Support