nauchat

Data processing

Last updated: 2026-05-26

1. Definitions

"Controller" means the person or entity that determines the purposes and means of processing. "Processor" means the entity that processes data on behalf of the controller. "Personal data" has the meaning given by applicable law. "Service" refers to Nauchat. The data processor under this document is Systems Design Express ("Nauchat").

2. Purpose

This document describes the processing of personal data that Nauchat carries out on behalf of its customers (tenants) in the context of the Service, in accordance with applicable data protection laws.

3. Roles

The tenant is the controller of the personal data of its own end customers. Nauchat acts as the processor, processing such data solely in accordance with the tenant's instructions and these terms.

4. Purpose and duration

Processing is for the purpose of providing the automated support and human inbox Service. It continues while the tenant has an active subscription, plus the additional retention period set out in the Privacy Policy.

5. Categories of data and data subjects

Categories of data: identification and contact data, conversation content, files sent by data subjects, metadata of connected channels. Categories of data subjects: the tenant's end customers, commercial contacts and users of the connected channels.

6. Authorized sub-processors

Nauchat may engage sub-processors to fulfill its obligations. The current list includes: Supabase (hosting and database), Anthropic and OpenAI (language models), Stripe (payments), Meta and Telegram (channels). With each one we maintain agreements that ensure an equivalent level of protection. We will notify significant changes to the list to allow reasoned objections.

7. Security

We implement appropriate technical and organizational measures: encryption in transit, role-based access control, activity auditing, periodic backups, ongoing vulnerability review and minimal exposure of sensitive credentials.

8. Breach notification

We will notify the tenant of any security breach affecting personal data under our processing, without undue delay and, in any case, within the time frames required by applicable law. The notification will include the nature of the incident and the measures taken.

9. Assistance and audits

Upon the tenant's reasonable request, we will provide assistance in responding to data-subject requests and in demonstrating compliance with applicable obligations, to the extent information is available. Audits may be carried out via existing reports or, exceptionally, via a coordinated visit with reasonable advance notice.

10. International transfers

When sub-processors process data outside the tenant's country, Nauchat will implement appropriate safeguards (standard contractual clauses, adequacy decisions or other mechanisms provided by law) to maintain an equivalent level of protection.

11. Return and deletion

Upon termination of the contract, the tenant may export their data during a reasonable period. After that period, we will delete or anonymize the personal data, unless required to retain it by law.

12. Liability and limitations

Nauchat's liability under this document is governed by the Terms of Use and, in particular, by the limitation of liability clause. Each party is responsible for breaches directly attributable to its own actions.

13. Contact

For inquiries related to data processing: info@nauchat.com