Data Processing Agreement (DPA)

Last Updated: April 20, 2025

This Data Processing Agreement ("DPA") forms part of the Terms of Service between you ("Controller") and MeowRex Ltd. ("Processor"), headquartered at 32 Osogovo str., Sofia, 1303, Bulgaria. It outlines the Processor's obligations when processing personal data on behalf of the Controller, in accordance with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Scope and Duration

This DPA applies to all data processing activities performed by MeowRex Ltd. in connection with the Services. It remains in force for the duration of your use of the Services.

2. Roles and Responsibilities

The Controller determines the purposes and means of the processing of personal data. The Processor shall only process personal data on documented instructions from the Controller, unless required to do so by law.

3. Subprocessors

MeowRex Ltd. uses the following subprocessors to fulfill its service obligations:

  • OpenAI, Anthropic, Google, Groq, Mistral – AI processing
  • Stripe – payment processing
  • Google Analytics – performance insights (anonymized)

MeowRex ensures that each subprocessor is contractually bound to data protection obligations consistent with this DPA.

4. Security Measures

MeowRex implements appropriate technical and organizational security measures, including:

  • Encryption of data in transit
  • Access controls based on role and need
  • Authentication protocols and logging

5. Data Subject Rights

MeowRex shall, to the extent possible, assist the Controller in fulfilling its obligation to respond to data subject requests under GDPR, including rights of access, rectification, deletion, restriction, and portability.

6. Data Breach Notification

In the event of a data breach affecting personal data, MeowRex will notify the Controller without undue delay and provide all information necessary for compliance with applicable data protection laws.

7. International Transfers

Where data is transferred outside the EEA, MeowRex shall ensure such transfers are lawful under applicable privacy regulations using mechanisms like Standard Contractual Clauses.

8. Return or Deletion of Data

Upon termination of the Services, MeowRex will delete or return all personal data within 60 days unless legally required to retain it.

9. Audits

Upon request, MeowRex will make available documentation necessary to demonstrate compliance and, once per year, permit audits by the Controller or its authorized auditor during normal business hours.

10. Liability

Liability under this DPA is subject to the limitation of liability provisions outlined in the Terms of Service.

11. Governing Law

This DPA is governed by and construed in accordance with the laws of Bulgaria. Disputes are subject to the jurisdiction of the courts in Sofia.

12. Contact

Email: team@meowrex.com
Address: MeowRex Ltd., 32 Osogovo str., Sofia, 1303, Bulgaria