Data Processing Agreement

Mindora Data Processing Agreement

Data Processing Agreement (DPA)

This Data Processing Agreement (“DPA”) forms an integral part of the agreement executed between the parties (“Agreement”) governing the use of the Services provided by LiteWorks LLC, doing business as Mindora (“Mindora”).

Capitalized terms not defined herein shall have the meanings set forth in the Agreement.

This DPA sets forth the parties’ responsibilities and obligations regarding the Processing of Personal Data during the course of the Agreement and thereafter.

1. Definitions

1.1. Affiliates means any entity that controls, is controlled by, or is under common control with a party.

1.2. CCPA means the California Consumer Privacy Act of 2018 (Cal. Civ. Code §§ 1798.100 et seq.), as amended, including the California Privacy Rights Act (CPRA).

1.3. Terms such as Controller, Processor, Data Subject, Processing, Personal Data Breach, Special Categories of Personal Data have the meanings assigned under EU Data Protection Law.

1.4. Terms such as Business, Business Purpose, Consumer, Service Provider, Sale, Sell have the meanings assigned under the CCPA.

1.5. Data Protection Laws means all applicable privacy and data protection laws, including GDPR, UK GDPR, CCPA, CPRA, and Swiss FADP.

1.6. EEA means the European Economic Area.

1.7. EU Data Protection Law includes:

  • Regulation (EU) 2016/679 (GDPR)

  • Regulation 2018/1725

  • ePrivacy Directive (2002/58/EC), as amended

  • National implementing legislation

  • Judicial or regulatory interpretations

1.8. Personal Data / Personal Information means any information that identifies or can reasonably identify an individual.

1.9. Security Incident means accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data.

1.10. Standard Contractual Clauses (SCCs) means the EU Commission’s approved standard contractual clauses (Decision 2021/914).

1.11. Swiss Data Protection Laws means the Swiss Federal Data Protection Act and related ordinances.

1.12. UK GDPR means the UK Data Protection Act 2018 and retained GDPR.

1.13. Shared Data means Personal Data exchanged between the parties under the Agreement.

2. Roles and Obligations

2.1. The parties agree that both Mindora and the Merchant act as independent Controllers with respect to Shared Data. The parties are not joint Controllers.

2.2. Each party is individually responsible for complying with Data Protection Laws.

2.3. If Shared Data includes Special Categories of Data or Sensitive Personal Information, each party shall apply appropriate safeguards.

2.4. Each party shall maintain a publicly accessible privacy policy compliant with applicable Data Protection Laws.

2.5. For purposes of the CCPA (where applicable), both Mindora and the Merchant qualify as Businesses and are independently responsible for compliance.

3. Data Subject Rights and Cooperation

3.1. If either party receives a Data Subject request relating to Shared Data processed by the other party, the receiving party shall direct the Data Subject to the appropriate party.

3.2. The parties shall provide commercially reasonable cooperation to address Data Subject requests or inquiries from Supervisory Authorities.

3.3. Each party shall ensure Personal Data remains accurate and up to date.

4. Security Measures and Security Incidents

4.1. Each party shall implement appropriate technical and organizational measures to protect Shared Data.

4.2. In the event of a Security Incident affecting Shared Data, the affected party shall notify the other without undue delay and no later than 48 hours after discovery.

4.3. Each party shall take required corrective actions under applicable Data Protection Laws.

4.4. The parties shall cooperate in good faith to mitigate and remediate Security Incidents.

5. Data Transfers

5.1. Where GDPR, UK GDPR, or Swiss FADP applies, transfers of Personal Data outside the EEA, UK, or Switzerland shall occur only with appropriate safeguards under Article 46 GDPR or equivalent.

5.2. If relying on Standard Contractual Clauses:

  • EEA transfers are governed by Annex I–III

  • UK transfers are governed by UK SCC provisions

  • Swiss transfers are governed by Swiss SCC provisions

6. Termination

6.1. This DPA becomes effective on the effective date of the Agreement and terminates automatically upon termination of the Agreement.

Annex I

Details of Personal Data (Controller to Controller)

A. List of Parties

Data Exporter:
LiteWorks LLC – Mindora
7548 Preston Rd STE 141 PMB 1085
Frisco, TX 75034
United States
Contact: support@mindora.com
Role: Controller

Data Importer:
Merchant (as defined in the Agreement)
Address: As set forth in the Merchant Agreement
Role: Controller

B. Description of Processing

Categories of Data Subjects:

  • Merchant customers

  • End Users

  • Website visitors

Categories of Personal Data:

  • Full name

  • Email address

  • Billing address

  • Phone number

  • Transaction details

  • Payment confirmation data

  • IP address and device identifiers

  • Account and subscription data

Sensitive Data (if applicable):
Processed only where necessary and subject to safeguards.

Nature and Purpose of Processing:

  • Providing the Services

  • Processing transactions

  • Fraud prevention

  • Account management

  • Customer support

Retention Period:
As necessary to provide Services or comply with legal obligations.

C. Competent Supervisory Authority

The competent supervisory authority shall be determined based on the Merchant’s establishment within the EEA, where applicable.




Create a free website with Framer, the website builder loved by startups, designers and agencies.