Data Processing Agreement

Last updated: March 11, 2026

This Data Processing Agreement governs the processing of personal data by Comuna on behalf of its users in accordance with applicable data protection laws including the General Data Protection Regulation (GDPR).

Definitions

Controller means the entity determining the purposes and means of processing personal data.

Processor means the entity processing personal data on behalf of the controller.

For purposes of this Agreement the user is the Controller and Comuna acts as the Processor.

Processing of Data

Comuna will process personal data only to provide and operate the Service in accordance with the instructions of the user.

Confidentiality

All personnel authorized to process personal data are bound by confidentiality obligations.

Security Measures

Comuna implements reasonable technical and organizational measures to protect personal data including encryption, access controls, and secure infrastructure.

Subprocessors

Comuna may use third party subprocessors such as cloud providers and payment processors. These subprocessors are contractually obligated to maintain appropriate data protection safeguards.

Data Subject Rights

Comuna will assist users in responding to requests from data subjects regarding access, deletion, or correction of personal data where required by law.

Data Breaches

Comuna will notify affected users without undue delay after becoming aware of a personal data breach affecting the Service.

Data Deletion

Upon termination of the Service Comuna will delete or return personal data as required by applicable law unless retention is legally required.