1. Purpose
This document summarises the principles of the DPA that MIKUJY signs with its customers when acting as a processor under GDPR (art. 28) and the Swiss revFADP. The signed DPA prevails over this summary.
To receive the signable version of our DPA, please write to info@mikujy.com.
2. Nature, purpose and duration of processing
- Subject: provision of the MIKUJY platform (measurement, reporting and steering of Sustainable IT).
- Nature: collection, storage, computation, display and export of IT inventory and impact data.
- Data subjects: customer employees authorised to access the platform.
- Data categories: professional identifiers (name, work email, role), IT asset inventory, platform usage data, security logs.
- Duration: throughout the contract term + 90 days of secure archival, then deletion or anonymisation.
3. Authorised sub-processors
| Subprocessor | Purpose | Location |
|---|---|---|
| Lovable / Cloudflare | Website hosting, CDN, DDoS protection | EU / Global edge |
| Supabase | Application database, auth, storage | EU (Frankfurt) |
| Resend | Transactional email delivery | EU / US |
| Infomaniak | Domain and inbox email | Switzerland |
| Google (GA4 / Ads) | Analytics and advertising (consent-based) | US |
Any material change to this list is notified to customers at least 30 days in advance, with a right of reasoned objection.
4. Security and transfers
MIKUJY implements technical and organisational measures described in detail on our Trust & Security page. Transfers outside the EU/Switzerland are governed by the European Commission's standard contractual clauses and, where applicable, by the EU-US Data Privacy Framework.
5. Request our signed DPA
Send your request to info@mikujy.com with your entity's legal name, address and signing contact. We return the document within 5 business days.