This Data Processing Agreement (DPA) forms part of the Terms between the customer and Nebulix for business use of Flowix. It applies when Nebulix processes personal data on behalf of a business customer.
The customer is the controller for personal data entered into Flowix (client names, team user accounts, job records, financial data). Nebulix is the processor for that customer data and may also act as controller for billing, support, and security records.
Subject matter: providing agency operations software including briefs, campaigns, pipeline management, proposals, job orders, invoicing, team management, and accounts.
Data categories: user names and emails, client names and contacts, campaign and job data, financial transactions, team roles, and activity logs.
Purpose: service delivery, security, billing, fraud prevention, and legal compliance.
Nebulix may use the following categories of sub-processors for Flowix:
Nebulix remains responsible for sub-processor performance as required by applicable data-protection law.
Flowix data is stored in Supabase (Tokyo region). Where data is processed outside the UAE or your home jurisdiction, Nebulix relies on contractual, technical, and organisational safeguards including encryption in transit (TLS) and at rest.
At the end of the subscription, Nebulix retains workspace data for 90 days to allow for data export, then deletes the organisation's records. Billing, tax, and legal records are retained as required by applicable law.
DPA requests: [email protected].