Data Processing Agreement (DPA)
Effective Date: January 31, 2026
This DPA is between Nae OÜ (the "Processor") and the Merchant (the "Controller").
1. Nature of Processing
The Processor provides a bridge to identify inactive customer profiles by processing Email, Order History, and Engagement Data from the Controller's Shopify and Klaviyo accounts.
2. Processor Obligations
- Instructions: Process data only on documented instructions (clicking "Audit").
- Confidentiality: Ensure all authorized personnel are committed to confidentiality.
- Security: Implement TLS encryption and secure OAuth handshakes.
- Sub-processors: Controller consents to Fly.io, Shopify, and Klaviyo.
3. Data Breaches
Nae OÜ shall notify the Controller without undue delay (within 48 hours) after becoming aware of a personal data breach.
4. Deletion of Data
Upon uninstallation, all processing stops. No permanent copies of customer PII are retained beyond the active audit session.