×

Data Processing Agreement (DPA)

Effective date: July 6, 2026 · For Yonora Business customers who process personal data through Yonora

This Data Processing Agreement ("DPA") forms part of the Terms of Service between Yonora LLC ("Yonora", "Processor", "we") and the business customer using Yonora Business ("Customer", "Controller", "you"). It applies whenever the Customer uses Yonora to process personal data of its own customers, prospects, or staff that is subject to data-protection law, including the GDPR/UK GDPR, U.S. state privacy laws, and similar laws worldwide.

Order of precedence: if this DPA conflicts with the Terms of Service regarding the processing of personal data, this DPA controls for that subject matter.

1. Roles of the parties

2. Details of processing

ElementDescription
Subject matterProviding the Yonora Business messaging, calling, and related tools to the Controller.
DurationThe term of the Controller's use of Yonora Business, plus the deletion/return period in Section 7.
Nature and purposeHosting, storage, transmission, display, syncing, backup, and support of messages, media, calls, contacts, orders, and related data to operate the Service.
Data subjectsThe Controller's customers, prospects, and staff who communicate via Yonora.
Categories of dataNames, phone numbers, emails, message and call content and metadata, media, order details, business-account records, and any other personal data the Controller submits.
Sensitive dataThe Controller should not submit special-category or highly sensitive data unless it has a lawful basis and appropriate safeguards; Yonora processes such data only as an incidental part of Controller-submitted content.

3. Processor obligations

Yonora will:

4. Sub-processors

The Controller gives general authorization for Yonora to engage sub-processors to provide the Service. Yonora will impose data-protection obligations on each sub-processor that are equivalent to this DPA and remains responsible for their performance. Yonora will give at least 30 days' notice of any addition or replacement of a sub-processor, and the Controller may object on reasonable data-protection grounds.

Sub-processorPurposeLocation
Supabase, Inc.Database, file storage, realtime message delivery, authenticationUnited States / region selected for the project
Push-notification providers (mobile platform services)Delivering notifications to devicesUnited States / global
Hosting / CDN provider of yonora.netServing the web app and static assetsGlobal edge network
Email/forwarding providerHandling support, privacy, and legal contact mailboxesUnited States / global

5. Security measures

6. International transfers

Where personal data is transferred from the EEA, UK, or Switzerland to a country without an adequacy decision, the parties rely on the EU Standard Contractual Clauses (Controller-to-Processor module), together with the UK International Data Transfer Addendum where applicable, which are incorporated by reference. Sub-processor transfers are covered by equivalent safeguards. For other regions, Yonora will use lawful transfer mechanisms required by local law.

7. Deletion and return

Upon termination of the business account, or on the Controller's written instruction, Yonora will delete the Controller's customer personal data within 30 days from active systems, with protected backups purged or overwritten on the normal backup cycle (usually within a further 90 days), except where retention is required by law. On request before deletion, Yonora will provide an export of the Controller's data in a commonly used, machine-readable format where reasonably feasible.

8. Audits

Yonora will make available documentation reasonably necessary to demonstrate compliance with this DPA. No more than once per year (or after a personal-data breach affecting the Controller's data), the Controller may assess compliance via a written questionnaire or, where legally required, a third-party audit at the Controller's cost, under confidentiality, with at least 30 days' notice, without access to other customers' data, and in a way that does not compromise security or other customers' rights.

9. Liability

Each party's liability under this DPA is subject to the limitations and exclusions set out in the Terms of Service, to the fullest extent permitted by applicable data-protection law.

10. Contact

Data-protection contact: privacy@yonora.net
Legal: legal@yonora.net
Support: support@yonora.net
Yonora LLC · Mailing address: 7169 Fairbrook Road, Windsor Mill, MD 21244, United States