This Data Processing Agreement (the “DPA”) forms part of the Terms of Service between you (the “Customer”) and Walid Naser, an individual (“we” or “us”), and applies where we process personal data on your behalf in providing Perceev (the “Service”).
1. Roles
For the personal data contained in the session recordings and related data you connect to the Service, you are the controller and we are the processor. You are responsible for the lawfulness of that data and for your instructions to us.
2. Scope of processing
Subject matter: provision of the Service. Duration: for as long as you use the Service. Nature and purpose: storing, processing, and generating AI summaries of the session recordings you connect. Types of data: the data captured in your session recordings, which may include identifiers, device and usage information, and content your end users enter. Categories of data subjects: your end users.
3. Our obligations
We will:
- process personal data only on your documented instructions, including as set out in the Terms and this DPA;
- ensure that people authorized to process the data are bound by confidentiality;
- implement appropriate technical and organizational measures to protect the data;
- assist you, taking into account the nature of the processing, in responding to data subject requests and in meeting your security, breach-notification, and impact-assessment obligations;
- delete or return the data at the end of the Service, except where we are required to retain it;
- make available information reasonably necessary to demonstrate compliance with this DPA.
4. Sub-processors
You authorize us to engage sub-processors to provide the Service. We impose data protection obligations on them consistent with this DPA and remain responsible for their performance. Our current sub-processors are:
- PostHog (the source of the session recordings you connect)
- OpenAI (AI analysis)
- Railway (hosting, database, and queues)
- Cloudflare (object storage)
- Resend (transactional email)
We will provide a way for you to be informed of new sub-processors, and you may object on reasonable data-protection grounds by contacting us.
5. Security
We maintain appropriate technical and organizational measures designed to protect personal data, including encryption in transit, access controls, and encryption of sensitive credentials at rest. No system is completely secure.
6. Personal data breaches
We will notify you without undue delay after becoming aware of a personal data breach affecting your data, and provide information reasonably available to us to help you meet your own notification obligations.
7. International transfers
Where we transfer personal data across borders, we rely on a lawful transfer mechanism, such as standard contractual clauses, where required by applicable law.
8. Deletion and return
On termination of the Service, or on your written request, we will delete or return the personal data we process on your behalf within a reasonable period, except where retention is required by law.
9. General
This DPA is governed by the law and dispute-resolution terms in our Terms of Service. If there is a conflict between this DPA and the Terms regarding the processing of personal data, this DPA controls. Questions: walid@perceev.dev.