1. Introduction
This Data Processing Agreement ("DPA") governs processing of personal data by Secret Sauce OÜ (17395646), Tallinn, Estonia ("Dklaro", "Processor") on behalf of the customer using the Service ("Controller").
The DPA forms part of the Terms of Service. In case of conflict regarding data protection, this DPA prevails.
2. Subject matter
Dklaro processes personal data solely to provide invoicing, client management, expense tracking, email delivery, and related hosting.
- Data subjects: account users, their colleagues, and their end clients/contacts
- Data types: names, emails, addresses, company IDs, VAT/tax IDs, bank details, invoice line items
- Duration: for the life of the active account and as required by law thereafter
3. Processor obligations
We process only on documented Controller instructions and in compliance with GDPR.
We maintain confidentiality, implement appropriate security (see Security page), notify breaches without undue delay and within 24 hours where feasible, and assist with data subject requests. Requests received from data subjects are forwarded to the Controller within 5 calendar days.
4. Sub-processors
Controller provides general authorisation for sub-processors listed at /legal/sub-processors. We will inform Controller before adding or replacing sub-processors where practicable.
5. International transfers
Data may be processed in the EU/EEA and United States. For transfers outside the EEA we use appropriate safeguards under GDPR Chapter V (including Standard Contractual Clauses) where no adequacy decision exists.
6. Termination & deletion
Upon termination, we delete or return personal data within 30 calendar days unless retention is required by law (e.g. Estonian accounting records).
7. Contact
Legal: legal@dklaro.app · Privacy: privacy@dklaro.app
Annex 1 — Sub-processors
Supabase, Inc. — Database, authentication, file storage (EU / US (region-configured)) Stripe, Inc. — Subscription billing and payment processing (US / EU) Resend, Inc. — Transactional email delivery (US) Vercel, Inc. — Application hosting and edge delivery (US / EU) Functional Software, Inc. (Sentry) — Error monitoring and observability (US / EU)