Roles
Controller: the customer. Processor: Manera Technologies Inc.. Enterprise customers may request a signed DPA under GDPR Art. 28 and equivalent laws. Contact [email protected].
Sub-processors
Anthropic (LLM inference, ephemeral no-training-on-inputs guarantee), Stripe (subscription billing), Cloudflare (DNS / CDN / DDoS). Current list updated with 30 days' notice.
Security measures
- TLS 1.3 in transit · AES-256 at rest
- HMAC-signed inter-service calls (Phase A security doctrine)
- Hourly encrypted backups with 30-day retention
- Quarterly sub-processor security review
Breach notification
Personal data breach notification to affected customers without undue delay and within 72 hours of becoming aware, per GDPR Art. 33, Québec Law 25 s. 3.5, PIPEDA Mandatory Breach Rules, and equivalent.