Unimoni
Create account

Legal

Data Processing Agreement

Terms for processing personal data. Applies to the Business and Enterprise plans.

Last updated: 2026-05-15

1. Parties and definitions

This DPA is entered into between the Customer (data controller) and Unimoni (processor). It applies in addition to the Terms of Service.

2. Subject matter

Unimoni processes the personal data that the Customer transmits through the Service, solely to provide the Service in accordance with the Customer’s documented instructions.

3. Categories of data

  • Identifiers (email, name) — of the Customer’s organization members
  • Infrastructure metrics and metadata — content determined by the Customer
  • Audit log records of actions

4. Data subjects

  • Customer employees (using the cabinet)
  • Customer end users (if their identifiers appear in metrics — cardinality configuration is on the Customer’s side)

5. Security measures

  • Encryption in transit (TLS 1.2+) and at rest (AES-256-GCM)
  • Principle of least privilege
  • Regular access audits
  • 2FA mandatory for employees
  • Logging of all administrative actions
  • Disaster recovery testing once per quarter

6. Subprocessors

List of current subprocessors:

AWS — Infrastructure hosting — EU / US (your choice)

Stripe — Payment processing — US, EU

SES — Transactional email — EU / US

Cloudflare — CDN + DDoS protection — Global

Postmark — Backup transactional email — US

Changes to the subprocessor list are notified 30 days in advance. The Customer may object.

7. Breach notification

Upon discovery of a personal data security breach, the Customer is notified without undue delay (no later than 72 hours from discovery), with a description of:

  • The nature and scope
  • The affected data subjects and categories of data
  • The measures taken and planned

8. Deletion and return

Upon termination of the subscription, the Customer may request an export of all data within 30 days. After that, the data is permanently deleted (including backups) within 90 days.

9. Audit

The Customer may request an audit of DPA compliance once a year. The audit is conducted on the basis of reports provided by Unimoni (SOC2, pen-test summaries) or, by agreement, by an on-site inspection (at the Customer’s expense).

10. Signing

For the Business and Enterprise plans, the DPA is signed separately. Request a counter-signed copy at [email protected].