Data Processing Agreement
This is a plain-language summary. A full PDF version is available on request at hello@jeuxtech.com. When you become a client, you'll counter-sign the long-form DPA before access is granted.
Parties
- Controller: You (the client).
- Processor: Jeux Tech, Romania.
Scope of processing
- Personal data your application stores, only when needed to perform engineering work.
- Production data is accessed read-only when possible; sample/staging data otherwise.
- We never copy or export production data outside your infrastructure.
Subprocessors
- GitHub — version control (client's repository).
- Vercel — hosting for client preview deployments when required.
- Firebase / Supabase — backend services for client projects when used in their stack.
- Linear — task management when client uses Linear.
- Resend — transactional email delivery for waitlist submissions.
No subprocessor receives production data. We notify you in writing before adding any new subprocessor.
Security
- Hardware-key 2FA on all accounts that touch client systems.
- Per-client credentials, rotated on off-boarding.
- Encrypted laptops, encrypted backups, encrypted credential storage (1Password).
- Incident response: notification within 24h of any data-related security incident.
Sub-processing locations
We operate from the EU. Cross-border data transfers happen only via your infrastructure choices (e.g. Vercel regions you configure).
Termination
On engagement end, we delete client credentials and any local copies of client data within 14 days, and confirm in writing.