Legal

Data Processing Agreement

GDPR Article 28 compliant DPA. Auto-executed on subscription start. Last updated: May 16, 2026.

Roles

You = Data Controller of your end-user data (bot subscribers)
mySkua = Data Processor acting on your instructions

Sub-processors

Railway (Postgres + backend hosting, Frankfurt, GDPR-compliant)
Vercel (edge / CDN, Frankfurt, GDPR-compliant)
Telegram Bot API (message delivery, processes user IDs only)
Stripe (billing — future, when launched, US-based with SCCs)

Data exports & deletion

You can request a full export or deletion of your account data at any time. Deletion is irreversible after a 30-day grace period.

Breach notification

We will notify you within 72 hours of any data breach affecting your end-user data, including scope, affected fields, and mitigation steps.

Signature

This DPA is auto-executed on first subscription. If your legal team requires a signed PDF, email legal@myskua.com.

See also: Privacy Policy, Security.