Data Processing Agreement
This agreement explains how Atelier Logos processes personal data on behalf of clients, the security safeguards we maintain, and the controls we offer so you can fulfill your own obligations under GDPR, CCPA, or other regulations.
Atelier Logos acts as a service provider (processor) when we store, analyze, or ship personal data that you supply in the course of product development, strategy, or hosting. You remain the data controller and give us permission to process the data solely to deliver agreed services.
We typically act on contact data, project metadata, analytics, collaboration notes, and prototype content. Sensitive data (e.g., health, financial) is only processed if explicitly scoped into a project and then subject to an addendum.
We may route data through trusted subprocessors listed below. Each subprocessor agrees to at least the same protections we deliver and we notify you before onboarding new ones.
Vercel
Application hosting, build pipelines, and analytics for production deployments.
Supabase
Postgres databases and auth for customer dashboards and data exports.
Stripe
Invoicing and payment collection for our monthly retainers.
Cal.com
Scheduling and calendaring touches between our team and yours.
PostHog
Product analytics and event tracking on the website.
Resend
Transactional emails for confirmations and onboarding sequences.
We assist controllers with access, correction, deletion, or portability requests using documented workflows. Submit requests to james@atelierlogos.com.
We undergo annual compliance reviews, maintain an internal control matrix, and permit limited audits or certifications upon reasonable notice.
At contract end, we delete or return your data per your instructions and certify destruction. Cross-border transfers rely on standard contractual clauses where necessary.