Legal
Data Processing Agreement
Last updated: April 12, 2026
This Data Processing Agreement ("DPA") supplements the Terms of Service and applies when NewFramez processes personal data on behalf of the Customer as a data processor under applicable data protection laws including the GDPR.
1. Definitions
- Controller — the Customer, who determines the purposes and means of processing personal data.
- Processor — NewFramez, Inc., which processes personal data on behalf of the Controller.
- Personal Data — any information relating to an identified or identifiable natural person.
- Processing — any operation performed on Personal Data.
- Sub-processor — any third party engaged by NewFramez to process Personal Data.
2. Scope & Nature of Processing
NewFramez processes Personal Data submitted to the platform by the Customer and end users including: account credentials, video content, file metadata, usage logs, and communication records. Processing occurs solely to provide the Service as described in the Terms of Service.
3. Processor Obligations
NewFramez agrees to:
- Process Personal Data only on documented instructions from the Controller (these Terms and any additional written instructions).
- Ensure persons authorized to process Personal Data are bound by confidentiality obligations.
- Implement appropriate technical and organizational security measures (see our Security page).
- Not engage a new sub-processor without notifying the Controller and providing an opportunity to object.
- Assist the Controller in responding to data subject rights requests.
- Delete or return all Personal Data upon termination of the service relationship.
- Provide all information reasonably necessary to demonstrate compliance with this DPA.
4. Sub-processors
NewFramez currently uses the following sub-processors to deliver the Service:
| Sub-processor | Purpose | Location |
|---|---|---|
| Cloudflare R2 | Object storage for video files | USA / Global |
| Supabase | Database and authentication | USA |
| Railway | Backend infrastructure | USA |
| Vercel | Frontend hosting | USA / Global |
| Resend | Transactional email | USA |
5. International Transfers
Where Personal Data is transferred outside the EEA or UK, NewFramez relies on Standard Contractual Clauses (SCCs) or other approved transfer mechanisms. Copies of applicable SCCs are available upon request.
6. Security Measures
Technical and organizational measures implemented by NewFramez include: TLS 1.2+ encryption in transit, AES-256 encryption at rest, bcrypt password hashing, role-based access controls, rate limiting, audit logging, and regular security reviews.
7. Contact
To execute a signed copy of this DPA or for GDPR-related inquiries: privacy@mirana1.com