RekiBack to Home

Data Processing Addendum (DPA)

This Data Processing Addendum ("Addendum") is incorporated into the Terms of Service ("Agreement") between Reki App (ABN: 93 884 450 713) ("Processor") and the customer identified in the Agreement ("Controller").

This Addendum reflects the parties' agreement with respect to the processing of personal data in accordance with applicable data protection laws, including the EU General Data Protection Regulation (GDPR) and UK GDPR.

1. Definitions

  • "Personal Data" means any information relating to an identified or identifiable natural person that is processed by Processor on behalf of Controller under the Agreement.
  • "Processing" has the meaning given in the GDPR.
  • "Subprocessors" are third-party service providers engaged by Processor.

2. Roles and Scope

  • Controller determines the purposes and means of processing Personal Data.
  • Processor processes Personal Data only as necessary to provide the Service described in the Agreement and in accordance with Controller's instructions.
  • Controller's instructions are documented in the Agreement, this Addendum, and through Controller's use of the Service.

3. Processor Obligations

Processor shall:

1. Confidentiality – Ensure that personnel authorized to process Personal Data are bound by confidentiality obligations.
2. Security – Implement appropriate technical and organizational measures to protect Personal Data as described in the Privacy Policy.
3. Subprocessors – Use the following Subprocessors:
  • Supabase – data hosting and storage
  • Vercel – application hosting
  • OpenAI – AI-powered conversational processing
  • Stripe – payment processing (Creators only)
  • PostHog – analytics and product usage tracking
  • Sentry – error monitoring and performance

Processor will notify Controller of changes to Subprocessors and give Controller the right to object on reasonable grounds.

4. Assistance – Assist Controller with reasonable requests regarding data subject rights, security, data breaches, and impact assessments.
5. Breach Notification – Notify Controller without undue delay upon becoming aware of a personal data breach.
6. Deletion or Return – Upon termination of the Service, delete or return all Personal Data unless retention is required by law.

4. Controller Obligations

Controller is responsible for:

  • Ensuring they have a lawful basis to collect and process Personal Data through the Service.
  • Providing privacy notices and obtaining consents from data subjects where required.
  • Ensuring that any instructions to Processor comply with applicable law.

5. International Transfers

Processor may transfer Personal Data to countries outside the EEA/UK as necessary to provide the Service. Processor relies on appropriate safeguards (such as standard contractual clauses) with Subprocessors.

6. Audit

Upon request, Processor shall provide information necessary to demonstrate compliance with this Addendum and will allow audits conducted by Controller or an independent auditor, at Controller's expense, no more than once per year.

7. Termination

This Addendum will remain in effect as long as Processor processes Personal Data on behalf of Controller.

Signed by:

Reki App (ABN: 93 884 450 713)

Controller:

[Executed electronically through acceptance of the Terms of Service]