AppUnblock

Guarantee & refunds Terms of service Right of withdrawal Privacy & GDPR Data processing (DPA) Legal notice Disclaimers

Data Processing Agreement (Article 28 GDPR)

This Data Processing Agreement ("DPA") applies between you (the Controller) and CodifyAI SRL trading as AppUnblock (the Processor) where, in providing the service, we process personal data of your end-users contained in files, repositories or accounts you provide. It forms part of, and is governed by, our Terms.

1. Subject-matter and roles

You are the controller of your end-users' personal data; we are your processor. We process that data only to provide the rejection-rescue service you purchased.

2. Duration

For the duration of the engagement. On completion we delete the data within 7 days (see clause 8).

3. Our obligations (Art. 28(3))

We will: - (a) process the personal data only on your documented instructions (including for transfers), unless required by EU/Member-State law, in which case we inform you unless legally prohibited; - (b) ensure persons authorised to process the data are bound by confidentiality; - (c) implement appropriate technical and organisational measures (Art. 32) — encryption at rest, least-privilege time-boxed access, access logging; - (d) engage sub-processors only with your general authorisation and on equivalent data-protection obligations, remaining liable for their performance (current sub-processors below); - (e) assist you by appropriate measures with responding to data-subject requests (Art. 12–23); - (f) assist you with security, breach-notification, DPIA and prior-consultation obligations (Art. 32–36); - (g) at your choice, delete or return all the personal data after the end of the engagement (we delete within 7 days); - (h) make available the information needed to demonstrate compliance and allow and contribute to audits.

4. Sub-processors

  • Hetzner Online GmbH (Germany) — EU hosting / infrastructure.
  • Our EU-based mail server — transactional email.

Stripe, Inc. processes payment data as an independent controller, not as our sub-processor (see the Privacy policy).

5. International transfers

We keep end-user data within the EU (see the Privacy policy). Any transfer outside the EEA is made only under an adequacy decision or appropriate Art. 46 safeguards.

6. Your warranties

You warrant that you have a lawful basis for the end-user personal data you provide and have given the notices required under Articles 13–14 GDPR.

7. Breach

We notify you without undue delay after becoming aware of a personal-data breach affecting your end-users' data.

A counter-signed copy is available on request to [email protected].