Data Processing Agreement
ZAU Data Processing Agreement (DPA)
This DPA forms part of the Terms of Service between ZAU Data ("Processor") and the Customer ("Controller").
ZAU Data operates under Alandra Studio, Unipessoal Lda., which is the legal company entering into this DPA as the data processor.
1. Purpose
ZAU processes personal data solely for providing its analytics platform and related services.
2. Roles
The Customer acts as the Data Controller.
ZAU acts as the Data Processor.
3. Processing Activities
ZAU processes:
- Account data (user details, credentials).
- Connection data (tokens, IDs).
- Source records retrieved from the Customer’s connected platforms (e.g., Shopify, Google Ads, Meta), including order, product, and customer records that may contain personal data of the Customer’s end-customers.
- Aggregated analytics results.
4. Security Measures
ZAU implements:
- Data encryption at rest and in transit.
- Role-based access control.
- Secure token storage.
- Regular vulnerability assessments.
5. Subprocessors
ZAU may use subprocessors — including Google Cloud Platform (infrastructure hosting) and Resend (transactional email) — to operate the service. An updated list is maintained on /subprocessors.
6. Data Subject Requests
ZAU assists the Customer in fulfilling access, rectification, or deletion requests under GDPR or CCPA.
7. International Transfers
Data may be transferred internationally under GDPR-approved mechanisms such as SCCs.
8. Termination
Upon termination of the Customer’s account or revocation of access to any connected data source (including any connected store or advertising account), all related personal data is deleted within 30 days, unless retention is required by law.
9. Contact
For data protection inquiries: