Legal

Data Processing Agreement (DPA)

This Data Processing Agreement ("DPA") governs how BoothMemo (operated by Cleoda SRL, Romania, EU) processes personal data on behalf of you — the operator or host who runs a BoothMemo video-guestbook booth. It forms part of our Terms and is accepted by you at signup (we record the version and timestamp on your account so acceptance is auditable). In plain terms: for your event guests' recordings, you are the data controller and BoothMemo is the processor; we act only on your documented instructions. This is a plain-English legal template — have a lawyer review it before relying on it. Contact for any data matter: contact@cabinaregala.ro.

1. Roles, subject-matter & duration

This DPA covers processing of personal data that happens when you run a BoothMemo booth — whether you're a Pro Operator running branded booths for your clients (subscription) or a Direct Host running a tablet at your own party (per-event €39).

  • You = controller. You decide which event runs, who is invited, what happens to the recordings, and the retention window. The recordings of your guests are processed on your behalf.
  • BoothMemo (Cleoda SRL) = processor. We process those recordings only to provide the service, on your documented instructions.
  • Separately, BoothMemo is the controller of your own operator/host account data (your name, email, hashed password, company, billing/plan). That account relationship is governed by our Privacy Policy and Terms, not by this DPA.

Subject-matter: providing the BoothMemo booth, capture, storage, gallery, and recording delivery (QR or email). Duration: for as long as you have an active account or event, plus the retention window you set, after which data is deleted (Section 9). This DPA ends when all personal data has been deleted or returned.

2. Nature & purpose of processing

We process guest personal data only to deliver the BoothMemo service you've engaged us for:

  • Capture at the branded tablet-booth: a guest records a short video, selfie, or audio message.
  • Consent record: before recording, the guest's consent is captured, versioned, and timestamped.
  • Storage & isolation of the recording and its metadata in your tenant.
  • Delivery back to the guest via a private QR link or, if the guest provides it, an email.
  • Gallery access so you (the operator/host) can view your event's recordings.
  • Scheduled deletion when the retention window expires.

We do not sell guest data, use it for advertising, build profiles, or apply face/voice recognition or any biometric matching. The face and voice present in a recording are part of the media content — we store and serve it, we do not analyse it to identify people.

3. Categories of data subjects & personal data

Data subjects: your event guests who choose to leave a message at the booth, and — where you provide it — your own staff/contacts tied to the event.

Categories of personal data processed on your behalf:

  • Recordings: video, selfie photo, and/or audio messages left by guests. These inherently contain a person's image (face) and voice.
  • Identifiers (optional): guest name and email, only if the guest provides them for delivery of their own recording.
  • Consent records: the consent version, acceptance, and timestamp captured before recording.
  • Technical metadata: event ID, recording tokens, timestamps, file references needed to store and deliver the media.

A guest's image and voice can be sensitive. BoothMemo's design does not perform biometric identification, so we don't process it as special-category biometric data — but you, as controller, are responsible for the lawfulness of capturing it at your event (see Section 5).

4. Documented instructions

We process guest personal data only on your documented instructions, including for international transfers, unless EU or Member-State law requires otherwise (in which case we'll tell you, unless legally prohibited).

  • Your instructions are the configuration you choose in BoothMemo: which event is active, the retention window, whether email delivery is enabled, branding, who has gallery access, plus this DPA and our Terms.
  • If we believe an instruction infringes the GDPR or other EU data-protection law, we will inform you and may pause that processing.
  • We will not use your guests' recordings for our own purposes. Any product analytics we run are limited to aggregate, non-identifying operational metrics.

5. Your obligations as controller

As the controller, you are responsible for the lawful side of running the booth:

  • Lawful basis & consent. The lawful basis for guest recordings is the guest's consent, which BoothMemo captures (versioned + timestamped) before each recording. You must make sure consent is genuinely informed at your event and that you have the right to invite guests to record.
  • Notice to guests. Tell guests who you are, that recordings are made, and how they can get their recording erased.
  • Retention. Choose an appropriate retention window for each event (default ~365 days; you can set it shorter). Don't keep recordings longer than you need.
  • Lawful instructions. Only give us instructions, and only use the gallery/exports, in line with applicable law.
  • Your account data accuracy. Keep your operator/host account details correct.

6. Our obligations as processor

BoothMemo (Cleoda SRL) commits to:

  • Process only on your instructions (Section 4) and only for the service.
  • Confidentiality: ensure that anyone authorised to process the data is under a duty of confidentiality.
  • Security: apply the technical and organisational measures in Section 7.
  • Sub-processors: use only the sub-processors in Section 8, under written terms with equivalent data-protection obligations, with prior notice of changes.
  • Assist you with data-subject requests, security, breach notification, and DPIAs/consultations, taking into account the nature of processing and the information available to us (Sections 10–11).
  • Delete or return the data at the end of the relationship (Section 9).
  • Make available the information needed to show compliance and allow audits (Section 12).
  • Notify you if we consider an instruction unlawful.

7. Security measures

We apply technical and organisational measures appropriate to the risk, including:

  • Multi-tenant isolation enforced at the database (Row-Level Security / RLS). Each operator/host is a separate tenant; RLS policies prevent one tenant from reading or writing another tenant's recordings and metadata.
  • Encryption in transit: all connections to the app and storage use HTTPS/TLS.
  • Signed, time-limited URLs for media files — recordings are not served from public, guessable links; access is granted via short-lived signed URLs.
  • Token-based access: guest recording-delivery and erasure links work via per-recording tokens; admin/operator and booth sessions use signed cookies.
  • Access controls: server-side privileged access is limited; operator and host accounts use hashed passwords.
  • Hosting & storage with reputable EU providers that maintain their own security and certifications (Section 8).

Measures may evolve to keep pace with the state of the art; we will not materially weaken the overall level of protection.

8. Sub-processors & change notice

You authorise BoothMemo to engage the following sub-processors to provide the service:

  • Supabase — database and file storage (recordings + metadata), hosted in the EU.
  • Resend — sending recording-delivery emails to guests.
  • Vercel — application hosting.

Each sub-processor is bound by written terms with data-protection obligations equivalent to those in this DPA. If we intend to add or replace a sub-processor, we'll give you prior notice (e.g. by email or on this page) so you have a chance to object on reasonable data-protection grounds. If we can't resolve a reasonable objection, you may terminate the affected service.

9. Deletion & return on termination

  • Automatic deletion at end of retention. Recordings and their metadata are deleted automatically when the per-event retention window expires (default ~365 days; operators can set shorter), enforced by a scheduled deletion job that removes both the stored files and the database records.
  • On guest request: a guest can trigger erasure of their own recording at any time via the delete link in their email or the /sterge page using their token (see Section 10).
  • On termination of the agreement: at your choice, we will delete or return the guest personal data we process for you, and delete existing copies, unless EU or Member-State law requires us to keep it. Routine backups are purged on our normal cycle.
  • After deletion, content served by previously issued signed URLs ceases to be retrievable once those URLs expire and the underlying files are removed.

10. Data-subject requests

Guests have the rights to access, rectification, erasure, restriction, objection, and portability.

  • Self-service erasure is built in: guests use the delete link in their delivery email, or the /sterge page with their recording code/token, to erase their own recording without needing to contact anyone.
  • For other requests, BoothMemo will assist you (the controller) with appropriate technical and organisational measures to respond, insofar as possible.
  • If a guest contacts BoothMemo directly about an operator's event, we will, where we can identify the controller, forward the request to you and not respond on the substance ourselves (beyond the self-service erasure we already provide).

11. Breach notification

If BoothMemo becomes aware of a personal data breach affecting the data we process for you, we will notify you without undue delay after becoming aware. Our notice will, to the extent available, describe:

  • the nature of the breach and the categories and approximate number of data subjects and records affected;
  • the likely consequences;
  • the measures taken or proposed to address it and mitigate harm.

We will provide reasonable assistance so you can meet your own notification duties to your supervisory authority and to affected guests. As controller, the decision and obligation to notify the authority/guests under the GDPR rests with you.

12. Audits, international transfers & contact

Audits. We will make available the information reasonably necessary to demonstrate compliance with this DPA and allow for and contribute to audits, including inspections, conducted by you or an auditor you mandate — on reasonable prior notice, no more than once a year (unless required by an authority or after a breach), during business hours, subject to confidentiality, and without compromising other tenants' security.

International transfers. BoothMemo is EU-built and the primary database and file storage (Supabase) are hosted in the EU. Where any processing or sub-processor support involves a transfer outside the EU/EEA, it will be covered by an appropriate safeguard under the GDPR (e.g. an adequacy decision or Standard Contractual Clauses).

Order of precedence. If this DPA conflicts with our general Terms on a data-protection point, this DPA prevails for that point.

Contact (data protection / this DPA):

  • Processor: Cleoda SRL (BoothMemo brand), Romania, EU
  • Email: contact@cabinaregala.ro

_This page is a plain-English template and is not legal advice. Have it reviewed by a qualified lawyer for your jurisdiction before relying on it._