1. Introduction
This Data Processing Agreement ("DPA") governs processing of personal data by Secret Sauce OÜ (17395646), Tallinn, Estonia ("Dklaro", "Processor") on behalf of the customer using the Service ("Controller").
The DPA forms part of the Terms of Service. In case of conflict regarding data protection, this DPA prevails.
2. Subject matter
Dklaro processes personal data solely to provide invoicing, client management, expense tracking, email delivery, live chat support, and related hosting.
- Data subjects: account users, their colleagues, and their end clients/contacts
- Data types: names, emails, addresses, company IDs, VAT/tax IDs, bank details, invoice line items
- Duration: for the life of the active account and as required by law thereafter
3. Processor obligations
We process only on documented Controller instructions and in compliance with GDPR.
We maintain confidentiality, implement appropriate security (see Security page), notify breaches without undue delay and within 24 hours where feasible, and assist with data subject requests. Requests received from data subjects are forwarded to the Controller within 5 calendar days.
4. Sub-processors
Controller provides general authorisation for sub-processors listed at /ee/en/legal/sub-processors. We will inform Controller before adding or replacing sub-processors where practicable.
5. International transfers
Personal data is processed within the European Union and European Economic Area (EEA). We do not transfer personal data outside the EEA as part of our standard Service configuration.
6. Termination & deletion
Upon termination, we delete or return personal data within 30 calendar days unless retention is required by law (e.g. Estonian accounting records).
7. Contact
Legal: legal@dklaro.app · Privacy: privacy@dklaro.app
Annex 1 — Sub-processors
Supabase, Inc. — Database, authentication, file storage (European Union) Stripe, Inc. — Subscription billing and payment processing (European Union) Resend, Inc. — Transactional email delivery (European Union) Vercel, Inc. — Application hosting and edge delivery (European Union) Functional Software, Inc. (Sentry) — Error monitoring and observability (European Union) Crisp IM SAS — Live chat and customer support (European Union (France))