Legal

Data Processing Addendum

This page summarizes the Data Processing Addendum (DPA) HTECH Global (NUNZIAJO Ltd) offers to FLUXO customers processing personal data through the platform. It is provided for procurement and security review. A signed, contract-referenced copy is issued on request — contact us to execute one alongside your commercial agreement.

Roles

For personal data the customer submits to or collects through FLUXO (e.g. contact records, personnel and inspector names, work order details), the customer is the data controller and HTECH Global (NUNZIAJO Ltd) is the data processor, acting only on the customer’s documented instructions as configured in the platform.

Subject matter and duration

Processing covers hosting, storage, and operation of FLUXO on the customer’s behalf for the duration of the applicable subscription, plus any post-termination retention period agreed in writing or described in our Privacy policy.

Nature and purpose of processing

Personal data is processed solely to provide the FLUXO maintenance, inspection, compliance, and reporting workflows the customer configures — including account provisioning, role-based access control, notifications, and support requested by the customer.

Categories of data and data subjects

Typical categories include names, work email addresses, phone numbers, job roles, and work-related activity records (e.g. inspections completed, work orders assigned) belonging to the customer’s employees, contractors, and, where the customer configures it, their own customers or site contacts.

Sub-processors

We use the following sub-processors to deliver FLUXO: Supabase (database and backend infrastructure), Vercel (application hosting), Sentry (anonymised error monitoring), Stripe (billing and payments), and Google Analytics (website usage analytics — marketing site only, not the FLUXO application). Each is bound by its own data processing terms consistent with this addendum. We will provide advance notice of any new sub-processor via the contact registered for the account, with an opportunity to object on reasonable data protection grounds.

Security measures

FLUXO enforces tenant data isolation via row-level security, role-based access control, encryption in transit (TLS) and at rest, audited administrative access, and a published vulnerability disclosure channel at security@htech.africa. Security incidents affecting customer data are communicated without undue delay once confirmed.

International transfers

Sub-processor infrastructure may process data outside the customer’s home jurisdiction. Where this involves a cross-border transfer subject to GDPR or equivalent law, we rely on our sub-processors’ standard contractual clauses or equivalent safeguards.

Assistance and audit

We will provide reasonable assistance with data subject access, correction, and deletion requests the customer receives, and make available information reasonably necessary to demonstrate compliance with this addendum, including responding to reasonable security questionnaires.

Return and deletion

On termination of the subscription, customer data is deleted or returned according to the retention terms in our Privacy policy, unless a longer period is required by law.

Requesting a signed copy

To request a countersigned DPA referencing your specific agreement, or for any data processing question, contact info@htech-global.online.