Legal
Data Processing Agreement
Data processing agreement under Art. 28 GDPR. This draft is confirmed digitally during onboarding.
Parties
The respective salon is the controller. FRIZZAI! is the processor.
Subject matter
Processing of end-customer photos to create AI-assisted hairstyle previews.
Data categories
- Photo/image data
- Session metadata without personal reference
- Technical device information
Data subjects
End customers of the salon.
Processor obligations
- Processing only on instructions
- Confidentiality
- Technical and organizational measures
- Notification of data incidents
- Support with data subject rights
Subprocessors
- Supabase: database, authentication, storage
- Stripe Payments Europe: payment processing
- Google Gemini API: AI image processing
- Resend/Postmark: transactional emails
Technical and organizational measures
- TLS transport encryption
- Access restriction
- Auto-deletion
- Audit logs
- Separate salon tenants
Deletion
After the processing ends, personal data is deleted or returned according to instructions unless legal obligations prevent this.