Data Processing Agreement
Last updated: April 6, 2026
1. Introduction
This Data Processing Agreement (“DPA”) forms part of the Terms of Service between you (“Data Controller”, “Customer”) and Erii Studio (“Data Processor”, “we”) operating OneLivePage.
This DPA applies where and only to the extent that we process personal data on your behalf in the course of providing the Service, and such personal data is subject to data protection laws including the EU General Data Protection Regulation (GDPR), the UK GDPR, or the California Consumer Privacy Act (CCPA).
2. Definitions
- “Personal Data” means any information relating to an identified or identifiable natural person.
- “Processing” means any operation performed on Personal Data, including collection, storage, use, and deletion.
- “Sub-processor” means any third party engaged by us to process Personal Data on your behalf.
- “Data Subject” means the individual whose Personal Data is processed.
3. Scope of Processing
OneLivePage is designed as a privacy-first analytics platform. By design, we minimize the collection of Personal Data from your website visitors:
- We do not use cookies.
- We do not store IP addresses.
- We do not collect names, emails, or other PII from visitors.
- Country-level geo data is derived from IP at the edge and the IP is immediately discarded.
- Visitor IDs are randomly generated anonymous identifiers with no link to real identities.
The only Personal Data we process is your account information (email, name from OAuth) necessary to provide the Service.
4. Obligations of the Data Processor
We shall:
- Process Personal Data only on your documented instructions and as necessary to provide the Service.
- Ensure that persons authorized to process Personal Data are bound by confidentiality obligations.
- Implement appropriate technical and organizational measures to ensure security of processing, including:
- Encryption of data in transit (TLS) and at rest
- Row-level security policies in the database
- Regular security updates and monitoring
- Access controls limited to authorized personnel
- Assist you in responding to requests from Data Subjects exercising their rights under applicable law.
- Notify you without undue delay upon becoming aware of a Personal Data breach.
- Delete or return all Personal Data upon termination of the Service, at your choice.
5. Sub-processors
We use the following sub-processors:
| Sub-processor | Purpose | Location |
|---|---|---|
| Supabase Inc. | Database hosting, authentication | United States |
| Vercel Inc. | Application hosting, edge functions, geo-IP | Global (edge network) |
| Google LLC | OAuth authentication (optional) | United States |
| GitHub Inc. | OAuth authentication (optional) | United States |
We will notify you of any intended changes to our sub-processors. You may object to a new sub-processor within 30 days of notification.
6. Data Transfers
Where Personal Data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) or equivalent mechanisms approved by relevant authorities.
7. Data Subject Rights
We will assist you in fulfilling your obligations to respond to Data Subject requests, including rights of access, rectification, erasure, portability, restriction, and objection. Account holders can exercise these rights directly through the Settings page or by contacting us.
8. Data Retention
Analytics data is retained according to the Customer's plan tier (30 days, 1 year, or 5 years) and automatically purged thereafter. Account data is retained until the Customer deletes their account. Upon account deletion, all associated data is permanently removed within 30 days.
9. Audits
Upon reasonable request and subject to confidentiality obligations, we will provide information necessary to demonstrate compliance with this DPA. This may include documentation of our security measures, processing activities, and sub-processor agreements.
10. Liability
Each party's liability under this DPA is subject to the limitations set forth in the Terms of Service.
11. Term & Termination
This DPA is effective as long as we process Personal Data on your behalf. Upon termination of the Service, we will delete all Personal Data in accordance with Section 8, unless retention is required by applicable law.
12. Contact
For questions about this DPA or to exercise data protection rights, contact us at @erii_stud1o on X or visit erii.studio.