YonoraThis Data Processing Agreement ("DPA") forms part of the Terms of Service between Yonora LLC ("Yonora", "Processor", "we") and the business customer using Yonora Business ("Customer", "Controller", "you"). It applies whenever the Customer uses Yonora to process personal data of its own customers, prospects, or staff that is subject to data-protection law, including the GDPR/UK GDPR, U.S. state privacy laws, and similar laws worldwide.
Order of precedence: if this DPA conflicts with the Terms of Service regarding the processing of personal data, this DPA controls for that subject matter.
| Element | Description |
|---|---|
| Subject matter | Providing the Yonora Business messaging, calling, and related tools to the Controller. |
| Duration | The term of the Controller's use of Yonora Business, plus the deletion/return period in Section 7. |
| Nature and purpose | Hosting, storage, transmission, display, syncing, backup, and support of messages, media, calls, contacts, orders, and related data to operate the Service. |
| Data subjects | The Controller's customers, prospects, and staff who communicate via Yonora. |
| Categories of data | Names, phone numbers, emails, message and call content and metadata, media, order details, business-account records, and any other personal data the Controller submits. |
| Sensitive data | The Controller should not submit special-category or highly sensitive data unless it has a lawful basis and appropriate safeguards; Yonora processes such data only as an incidental part of Controller-submitted content. |
Yonora will:
The Controller gives general authorization for Yonora to engage sub-processors to provide the Service. Yonora will impose data-protection obligations on each sub-processor that are equivalent to this DPA and remains responsible for their performance. Yonora will give at least 30 days' notice of any addition or replacement of a sub-processor, and the Controller may object on reasonable data-protection grounds.
| Sub-processor | Purpose | Location |
|---|---|---|
| Supabase, Inc. | Database, file storage, realtime message delivery, authentication | United States / region selected for the project |
| Push-notification providers (mobile platform services) | Delivering notifications to devices | United States / global |
| Hosting / CDN provider of yonora.net | Serving the web app and static assets | Global edge network |
| Email/forwarding provider | Handling support, privacy, and legal contact mailboxes | United States / global |
Where personal data is transferred from the EEA, UK, or Switzerland to a country without an adequacy decision, the parties rely on the EU Standard Contractual Clauses (Controller-to-Processor module), together with the UK International Data Transfer Addendum where applicable, which are incorporated by reference. Sub-processor transfers are covered by equivalent safeguards. For other regions, Yonora will use lawful transfer mechanisms required by local law.
Upon termination of the business account, or on the Controller's written instruction, Yonora will delete the Controller's customer personal data within 30 days from active systems, with protected backups purged or overwritten on the normal backup cycle (usually within a further 90 days), except where retention is required by law. On request before deletion, Yonora will provide an export of the Controller's data in a commonly used, machine-readable format where reasonably feasible.
Yonora will make available documentation reasonably necessary to demonstrate compliance with this DPA. No more than once per year (or after a personal-data breach affecting the Controller's data), the Controller may assess compliance via a written questionnaire or, where legally required, a third-party audit at the Controller's cost, under confidentiality, with at least 30 days' notice, without access to other customers' data, and in a way that does not compromise security or other customers' rights.
Each party's liability under this DPA is subject to the limitations and exclusions set out in the Terms of Service, to the fullest extent permitted by applicable data-protection law.
Data-protection contact: privacy@yonora.net
Legal: legal@yonora.net
Support: support@yonora.net
Yonora LLC · Mailing address: 7169 Fairbrook Road, Windsor Mill, MD 21244, United States