Data processing agreement (DPA)

This Data Processing Agreement (“DPA”) under Article 28 GDPR is between the business customer (“Controller”) and Frami (“Processor”) for the service at https://frami.studio. Company registration details (Companies House / RCS, VAT number, share capital) will be published as soon as they are final.

Article 1 — Subject matter

The Processor processes personal data only on documented instructions from the Controller to provide the Service (hosting, workflow execution, support).

Article 2 — Confidentiality and security

Reasonable technical and organisational measures (encryption in transit, access controls, logging). Personnel are bound by confidentiality duties.

Article 3 — Sub-processors

Sub-processors include Clerk, Stripe, Convex, Vercel, PostHog (if enabled), and AI vendors per configuration. We will inform you of material changes when required by the main agreement.

Article 4 — Assistance and data subjects

Reasonable assistance for responding to data subject requests, as far as technically feasible.

Article 5 — End of term

Deletion or return of the Controller’s personal data per technical options and applicable law, unless a longer retention is legally required.

Article 6 — DPA contact

contact@frami.studio