Alleex Cloud · Legal
Data Processing Agreement
⚠ PENDING LAWYER REVIEW — not legal advice
This page is a structural scaffold. It has not been reviewed by qualified EU/GDPR counsel and is notlaunch-ready. No paying customer may onboard until a lawyer has reviewed and approved this document (binding pre-launch gate).
Provenance: Hand-authored template + auto-generated subprocessor annex + hand-authored TOMs + SCCs. SCC sections especially require counsel.
GDPR Art. 28 DPA: the Alleex Cloud customer (controller) appoints Alleex Cloud (processor) when Alleex Cloud processes that customer's end-user data (compliance-eu module, DSAR, audit logs). Required before any EU paying customer processes personal data through a generated app.
Annex 1 (subprocessors) is generated from the same source as /subprocessors. Annex 2 (technical & organisational measures) describes the hash-chained audit log, EU residency, per-tenant Neon isolation, and Rekor transparency. SCCs for any third-country transfer are the most legally sensitive section and require counsel.
Polar.sh is NOT a processor of customer-app end-user data — Polar is a controller-to-controller relationship for the Alleex Cloud subscription only. The DPA text must keep these distinct.
This document is information about Alleex Cloud's technical and organisational measures, not legal advice. Consult your DPO or legal counsel for your specific obligations.