OpenMirai

Data Processing Agreement (DPA)

OpenMirai Data Processing Agreement - EU data protection terms for our platform

What is a Data Processing Agreement?

A Data Processing Agreement (DPA) is a legal contract that defines how we process personal data on behalf of our customers, particularly for users in the European Union (EU) and European Economic Area (EEA). This agreement outlines our commitment to working toward compliance with the General Data Protection Regulation (GDPR) as we expand our global infrastructure.

Why This Matters: If you're in the EU/EEA or process EU/EEA residents' data, this agreement is required by law to protect personal information.

Parties to This Agreement

Data Controller (You):

  • Who You Are: The organization or individual using OpenMirai
  • Your Role: You decide what personal data to collect and how to use it
  • Your Responsibilities: You're responsible for ensuring you have legal grounds to process data
  • Your Control: You control the data and determine processing purposes

Data Processor (OpenMirai):

  • Who We Are: OpenMirai, the platform provider
  • Our Role: We process personal data on your behalf
  • Our Responsibilities: We process data according to your instructions
  • Our Limitations: We can only process data as you direct

Data Processing Details

What Data We Process:

  • Student Information: Names, email addresses, course progress
  • User Accounts: Login credentials, profile information, preferences
  • Course Content: Educational materials, assignments, assessments
  • Usage Data: How users interact with your learning platform
  • Technical Data: Device information, IP addresses, browser data

How We Process Data:

  • Hosting: We store your data securely on our servers
  • Backup: We create secure backups of your data
  • Analytics: We provide insights about platform usage
  • Support: We use data to provide technical support
  • Security: We monitor data for security threats

Processing Purposes:

  • Service Delivery: Providing our learning management platform
  • User Management: Managing user accounts and access
  • Course Delivery: Delivering educational content and assessments
  • Communication: Sending notifications and updates
  • Improvement: Improving our platform and services

Data Processing Duration

How Long We Process Data:

  • Active Service: While you have an active OpenMirai account
  • Account Termination: 30 days after you close your account
  • Legal Requirements: Longer if required by law
  • Backup Retention: Secure backup retention for disaster recovery
  • Anonymized Data: We may keep anonymous data for improvements

Data Deletion Process:

  • Immediate Deletion: Data deleted from active systems
  • Backup Cleanup: Data removed from backup systems
  • Verification: We verify complete data deletion
  • Confirmation: We confirm deletion in writing
  • Audit Trail: We maintain records of deletion actions

Data Transfers and Locations

Where Your Data is Stored:

  • Primary Location: United States (with appropriate safeguards)
  • Backup Locations: Multiple secure locations for redundancy
  • CDN Services: Content delivery networks for performance
  • Processing Locations: Data may be processed in various locations
  • Legal Compliance: All locations meet legal requirements

International Transfers:

  • EU to US Transfers: Using approved transfer mechanisms
  • Standard Contractual Clauses: EU-approved data transfer terms
  • Adequacy Decisions: Relied on where applicable
  • Additional Safeguards: Extra security measures for transfers
  • Your Rights: You can request information about transfers

Safeguards for Transfers:

  • Encryption: All data encrypted during transfer
  • Secure Protocols: Using secure communication protocols
  • Access Controls: Strict access controls in all locations
  • Regular Audits: Regular security assessments
  • Compliance Monitoring: Continuous compliance monitoring

Security Measures

Technical Security:

  • Encryption: AES-256 encryption for data at rest
  • TLS 1.3: Secure transmission of data
  • Access Controls: Role-based access control systems
  • Multi-Factor Authentication: Additional security for accounts
  • Regular Updates: Security patches and updates

Organizational Security:

  • Employee Training: Regular security training for our team
  • Access Policies: Clear policies for data access
  • Incident Response: Plans for security incidents
  • Regular Audits: Internal and external security audits
  • Vendor Management: Security assessment of third-party vendors

Physical Security:

  • Data Center Security: Secure facilities with access controls
  • Environmental Controls: Climate and power controls
  • Surveillance: Security monitoring and surveillance
  • Access Logging: Complete access and activity logs
  • Disaster Recovery: Comprehensive disaster recovery plans

Data Subject Rights

Your Responsibilities (as Controller):

  • Right to Access: You handle requests for data access
  • Right to Rectification: You handle requests to correct data
  • Right to Erasure: You handle requests to delete data
  • Right to Portability: You handle requests for data export
  • Right to Object: You handle objections to data processing

Our Support (as Processor):

  • Technical Assistance: We help you fulfill data subject requests
  • Data Export: We provide data in standard formats
  • Data Deletion: We delete data when you request
  • Request Processing: We help process data subject requests
  • Documentation: We document all data processing activities

Response Timeframes:

  • Access Requests: Within 30 days (as required by GDPR)
  • Rectification: Within 30 days
  • Erasure: Within 30 days
  • Portability: Within 30 days
  • Objections: Within 30 days

Data Breach Response

Our Responsibilities:

  • Detection: We monitor for and detect security incidents
  • Notification: We notify you within 72 hours of discovery
  • Investigation: We investigate incidents thoroughly
  • Containment: We contain and remediate incidents
  • Documentation: We document all incident details

Your Responsibilities:

  • Assessment: You assess the impact on data subjects
  • Notification: You notify relevant authorities if required
  • Communication: You communicate with affected individuals
  • Legal Compliance: You ensure compliance with notification laws
  • Coordination: You coordinate with us on incident response

Incident Communication:

  • Immediate Notification: We notify you immediately of incidents
  • Regular Updates: We provide regular updates during response
  • Final Report: We provide a comprehensive incident report
  • Lessons Learned: We share lessons learned and improvements
  • Prevention: We implement measures to prevent future incidents

Subprocessors and Third Parties

Our Subprocessors:

  • Cloud Providers: Secure cloud infrastructure services
  • Payment Processors: Secure payment processing services
  • Analytics Services: Usage analytics and monitoring
  • Support Tools: Customer support and communication tools
  • Security Services: Security monitoring and protection

Subprocessor Requirements:

  • Security Standards: All subprocessors meet our security standards
  • Data Protection: Subprocessors protect data appropriately
  • Compliance: Subprocessors comply with applicable laws
  • Contractual Terms: We have appropriate contracts with subprocessors
  • Regular Assessment: We regularly assess subprocessor security

Your Rights Regarding Subprocessors:

  • Notification: We notify you of new subprocessors
  • Objection: You can object to new subprocessors
  • Information: We provide information about subprocessors
  • Audit Rights: You can audit subprocessor compliance
  • Termination: You can terminate if a subprocessor is unacceptable

Data Processing Records

What We Document:

  • Processing Activities: All data processing activities
  • Data Categories: Types of personal data processed
  • Data Subjects: Categories of individuals whose data we process
  • Processing Purposes: Why we process data
  • Data Recipients: Who receives data (if any)

Documentation Requirements:

  • Comprehensive Records: Complete records of all processing
  • Regular Updates: Regular updates to processing records
  • Access for Audits: Records available for audits
  • Regulatory Compliance: Records meet regulatory requirements
  • Your Access: You have access to processing records

Audit and Inspection:

  • Regular Audits: We conduct regular internal audits
  • External Audits: Third-party security assessments
  • Your Audits: You can conduct audits of our processing
  • Cooperation: We cooperate fully with audits
  • Documentation: We provide all necessary documentation

Data Processing Changes

When Changes Occur:

  • New Features: New features that process data differently
  • Service Updates: Updates to our platform or services
  • Legal Changes: Changes in data protection laws
  • Security Improvements: Enhanced security measures
  • User Feedback: Changes based on user input

Change Notification:

  • Advance Notice: We provide advance notice of changes
  • Impact Assessment: We assess the impact of changes
  • Your Approval: We get your approval for significant changes
  • Documentation: We document all changes
  • Training: We provide training on changes

Your Rights Regarding Changes:

  • Review: You can review proposed changes
  • Approval: You can approve or reject changes
  • Alternative Solutions: We can provide alternative solutions
  • Termination: You can terminate if changes are unacceptable
  • Compensation: We can provide compensation for changes

Contact and Support

Data Protection Officer:

Email us at: heretohelp@openmirai.com

What to include in your email:

  • Your specific question about data processing
  • Any concerns about data protection
  • Your organization information
  • Any relevant details about your situation

Support Response:

  • General Questions: Within 24-48 hours
  • Data Requests: Within 30 days (as required by GDPR)
  • Security Incidents: Immediate response for urgent matters
  • Compliance Issues: Within 24 hours for compliance concerns

GDPR Compliance:

  • Best-Effort Compliance: We strive to comply with GDPR requirements
  • Data Minimization: We only process necessary data
  • Purpose Limitation: We only process data for specified purposes
  • Storage Limitation: We don't keep data longer than necessary
  • Future Certification: We plan to obtain GDPR compliance certifications as we expand to Europe
  • Local Laws: We comply with local data protection laws
  • Industry Standards: We follow industry best practices
  • Contractual Obligations: We meet all contractual requirements
  • Regulatory Guidance: We follow regulatory guidance
  • International Standards: We align with international standards

Beta Status: Active until November 1, 2025

DPA Questions? Email us at heretohelp@openmirai.com

We're committed to protecting your data and working toward full compliance with data protection laws as we expand our global presence.