Legal document
Data Processing Agreement (DPA)
Last updated: 25/04/2026
1. Parties and subject matter
The client company acts as Data Controller and MockdatScreen as Data Processor. The purpose is to regulate the processing required to provide the SaaS platform for projects, videos and documents.
2. Documented instructions
MockdatScreen will process data only under the Controller’s documented instructions: contract, account configuration, support tickets and actions performed in the platform.
3. Confidentiality
- Authorised personnel are bound by confidentiality duties.
- Internal access is limited to operational, support or security needs.
- Confidentiality obligations survive termination of the contractual relationship.
4. Technical and organisational measures
- Encryption in transit using TLS.
- Secure authentication using httpOnly cookies and rotating refresh tokens.
- RBAC access controls and company/project separation.
- Consent records and relevant administrative action logs.
5. Sub-processors
| Sub-processor | Service |
|---|---|
| Cloudflare R2 | File storage |
| Supabase / PostgreSQL | Database |
| Resend | Transactional email |
6. Return or destruction
When the service ends, MockdatScreen will facilitate data export and, after the agreed period or under the Controller’s instruction, delete storage files and operational records while keeping only legally required evidence.
7. Security breaches
MockdatScreen will notify the Controller without undue delay and, in any event, within 24 hours after becoming aware of a breach affecting personal data.