Sonaflo

Legal

Data Processing Addendum

Pending counsel review

This page will be replaced with finalized language reviewed by our startup counsel before public launch. The intent below outlines what this document will cover.

The Data Processing Addendum sets out the terms under which Sonaflo acts as a processor of personal data on behalf of the customer (the controller). It is incorporated into the master agreement and is the principal compliance document for GDPR, UK GDPR, and equivalent regimes.

Intended scope. The finalized DPA will cover subject matter and duration, nature and purpose of processing, types of personal data, categories of data subjects, sub-processor terms with the right to object, security measures, data breach notification obligations, data subject rights handling, audit and compliance, and standard contractual clauses for international transfers.

For now, questions about how Sonaflo handles data, contracts, or permissions can be raised via the request access form — we will reply directly.