Data Processing Agreement
Last updated: January 17, 2026
This Data Processing Agreement ("DPA") forms part of our Terms of Service and Privacy Policy. It governs the processing of personal data in connection with the use of Veritas Social services.
1. Definitions
- Personal Data: Any information relating to an identified or identifiable natural person.
- Processing: Any operation performed on Personal Data.
- Data Controller: The entity that determines the purposes and means of Processing.
- Data Processor: The entity that Processes Personal Data on behalf of the Data Controller.
2. Roles and Responsibilities
- Users are Data Controllers of the content they create and share
- Veritas Social acts as a Data Processor when storing and transmitting user content
- Veritas Social is a Data Controller for account data and service analytics
3. Sub-Processors
We engage the following sub-processors:
- Supabase Inc. - Database hosting and authentication
- OpenAI, LLC - Translation and transcription services
- Expo (650 Industries Inc.) - Push notifications
- Google LLC - ML Kit translation models (processed locally on device)
4. Data Security Measures
- Encryption in transit (TLS 1.3) and at rest (AES-256)
- Automatic PII scrubbing before storage
- Access controls and authentication
- Regular security assessments
- Incident response procedures
5. Data Subject Rights
We support the exercise of data subject rights under GDPR:
- Right of Access: Request a copy of your Personal Data
- Right to Rectification: Correct inaccurate data
- Right to Erasure: Request deletion of your data
- Right to Portability: Receive data in a portable format
Requests can be made to hello@southbytelabs.com.
6. Data Retention
- Account data: Until account deletion + 30 days
- Messages: Stored with PII scrubbed; deleted upon request
- Images in chats: Automatically deleted after 7 days
7. Contact Information
- Data Protection Officer: hello@southbytelabs.com
- General Inquiries: hello@southbytelabs.com