Data Processing Agreement

Last Updated: June 8, 2026

This Data Processing Agreement ("DPA") governs the processing of organizational financial records and user metadata in connection with Money OS.

1. Processing Roles

Under GDPR, CCPA, and associated data preservation rules, the roles of the parties are defined as follows:

• The Customer (You): Acts as the Data Controller, maintaining ultimate ownership and sovereignty over transaction entries, clients, and budget logs.
• Money OS: Acts as the Data Processor, maintaining database clusters, indexing logs, and executing user queries strictly on behalf of the Controller.

2. Technical Security & Logical Isolation

Processor enforces security configurations directly inside the operational data handlers:

• Workspace Partitioning: All ledger transactions are bounded to a unique tenant identifier. No cross-tenant database lookups are allowed by the platform's controllers.
• Security Records: Authentication logs, including IP metadata or login success codes, are locked to detect credential attacks.

3. Authorized Subprocessors

To provide the ledger engine, we utilize infrastructure partners:

• Database Hosting: MongoDB Atlas (cloud database instances for transactional storage).
• App Server Hosting: Vercel (application deployments and static page distribution).

4. Tenant Deletion Request

Upon request from the verified workspace administrator, we will purge all database entries tied to your tenantId, including transactions, clients, budgets, and invited team memberships. Requests are processed within 30 days. Contact us at moneyos@webasthetic.in.