Data Processing Addendum (DPA)

Effective: 2025-09-30

Scope

This Data Processing Addendum (“DPA”) applies when E‑Noer processes Personal Data on your behalf in providing the Services. By using integrations that sync your customer/store data to our platform, you instruct us to process that data as your processor.

Roles

You are the Data Controller. E‑Noer is the Data Processor. Where we engage Sub‑processors (hosting, database, support tools), we remain responsible for their performance.

Processing details

• Subject matter: ecommerce operations, analytics, and messaging you enable.
• Duration: for the term of your subscription and up to 90 days after termination for backups.
• Nature & purpose: storage, retrieval, transmission, analytics as configured by you.
• Types of data: names, emails, order and product data, and other data you choose to send.
• Data subjects: your customers, prospects, and team members.

Security

We maintain appropriate technical and organizational measures, including encryption in transit, access controls, MFA, logging, and regular backups.

Sub‑processors

Current sub‑processors may include: hosting (e.g., Vercel/Cloudflare), Supabase (auth, DB), Stripe (payments), support and analytics tools. We will notify you of material changes and provide an opportunity to object on reasonable grounds.

Data subject requests

We will assist you, insofar as possible, with responding to requests from data subjects and regulators.

International transfers

Transfers outside the EEA/UK will be subject to the EU SCCs (Module 2) and UK Addendum, as applicable.

Deletion & return

Upon termination or at your written request, we will delete or return Personal Data, subject to legal retention obligations and backup cycles.