Data Processing Agreement (DPA)

Last updated: 13 July 2026

1. Purpose

This document summarises the principles of the DPA that MIKUJY signs with its customers when acting as a processor under GDPR (art. 28) and the Swiss revFADP. The signed DPA prevails over this summary.

To receive the signable version of our DPA, please write to info@mikujy.com.

2. Nature, purpose and duration of processing

  • Subject: provision of the MIKUJY platform (measurement, reporting and steering of Sustainable IT).
  • Nature: collection, storage, computation, display and export of IT inventory and impact data.
  • Data subjects: customer employees authorised to access the platform.
  • Data categories: professional identifiers (name, work email, role), IT asset inventory, platform usage data, security logs.
  • Duration: throughout the contract term + 90 days of secure archival, then deletion or anonymisation.

3. Authorised sub-processors

SubprocessorPurposeLocation
Lovable / CloudflareWebsite hosting, CDN, DDoS protectionEU / Global edge
SupabaseApplication database, auth, storageEU (Frankfurt)
ResendTransactional email deliveryEU / US
InfomaniakDomain and inbox emailSwitzerland
Google (GA4 / Ads)Analytics and advertising (consent-based)US

Any material change to this list is notified to customers at least 30 days in advance, with a right of reasoned objection.

4. Security and transfers

MIKUJY implements technical and organisational measures described in detail on our Trust & Security page. Transfers outside the EU/Switzerland are governed by the European Commission's standard contractual clauses and, where applicable, by the EU-US Data Privacy Framework.

5. Request our signed DPA

Send your request to info@mikujy.com with your entity's legal name, address and signing contact. We return the document within 5 business days.