Aeltara

Notice

Draft under legal review — content may change.

Legal

Data Processing Agreement

Effective 2026-04-29

Framework summary. The signed agreement on file with each developer client governs in any conflict.

1. Parties

This Agreement is between Aeltara (the "Processor") and the developer client engaging Aeltara's services (the "Controller"). Aeltara builds and operates the website, the lead-capture infrastructure, and the chat surface on the Controller's behalf.

2. Subject matter and duration

The subject matter is personal data of prospective buyers and visitors collected via the Controller's Aeltara-built website. Categories: contact data, behavioural data, and (when enabled) conversational data — as defined in the per-client Privacy Policy.

The Agreement runs coterminous with the services agreement between the Controller and Aeltara.

3. Sub-processors

Aeltara engages the following sub-processors:

  • Cloudflare, Inc. — hosting, edge runtime, KV, D1, Workers Analytics Engine.
  • Web3Forms — contact-form delivery.
  • Anthropic, PBC — chat-surface inference (when the Controller opts in).
  • Google LLC — aggregated analytics (consent-gated).
  • Supabase, Inc. — operator-side enquiry queue and inventory data.

The Controller will be given fourteen (14) days' notice of any change to the sub-processor list and may object. If the objection cannot be resolved, the Controller may terminate the affected service.

4. Security measures

  • Encryption in transit (TLS 1.2+) for every endpoint.
  • Encryption at rest in Cloudflare D1 and Supabase Postgres.
  • IP addresses are hashed with a daily-rotating salt; raw IPs are not stored.
  • Bearer tokens with explicit scopes for internal admin access; two-factor on operator surfaces.
  • Per-IP and per-day rate limits on the chat surface; per-month USD ceiling with a 70 % threshold alert and a hard 100 % cut-off.
  • Retention windows enforced in code, not by manual cleanup.

5. Data subject rights

When a data subject contacts Aeltara with a rights request, Aeltara will pass the request to the Controller within five (5) working days, providing all information necessary for the Controller to respond within statutory deadlines.

6. Breach notification

Aeltara will notify the Controller of any personal-data breach within forty-eight (48) hours of becoming aware. The notification will include nature, categories, approximate count of affected data subjects, likely consequences, and mitigation steps. The Controller is responsible for any onward notification to the Office of the Data Protection Commissioner under section 43 of the Act.

7. International transfers

Sub-processors operate outside Kenya. Transfers are made on the basis of standard contractual safeguards executed with each sub-processor, in accordance with section 48 of the Kenya Data Protection Act 2019.

8. Return or deletion on termination

On termination of the services agreement, Aeltara will return or delete all personal data within thirty (30) days, at the Controller's choice, and will provide written confirmation. Backup copies follow standard sub-processor retention windows.

9. Audit rights

The Controller may request, on reasonable notice and no more than once per calendar year, an audit of Aeltara's processing activities. Aeltara will respond within fourteen (14) days with a written assurance package.

10. Contact and signature

The signed Agreement on file with each developer client controls. To request a copy or propose changes, email hello@aeltara.com.

The companion Privacy Policy is published at /privacy/.