top of page

REGISTERLY

📄 Data Processing Agreement (DPA)

Last updated: 25/112025

This DPA forms part of the Terms of Service between the Customer (“Controller”) and App With Flow (Florent Pottevin) (“Processor”) for the Registerly Service.

1. Definitions

  • Controller: You, the business using Registerly

  • Processor: App With Flow

  • Personal Data: Any data relating to an identifiable person

  • Processing: Any operation performed on personal data

  • Subprocessors: Third parties used by the Processor

2. Subject Matter

Registerly processes personal data on behalf of the Controller to provide:

  • Invoicing

  • Client CRM

  • Loyalty features

  • Stock and product management

  • Emailing

  • Analytics

  • AEAT submissions (optional)

  • Device and subscription management

3. Duration

This DPA remains valid while the Controller uses the Service.

4. Nature and Purpose of Processing

As described in the Privacy Policy, including storage, transmission, emailing, analytics, and device association.

5. Types of Data

  • User identity data

  • Client CRM

  • Business data

  • Invoice data

  • Technical device info

  • Login and subscription metadata

6. Processor Obligations

Processor shall:

  • Process data only on documented instructions

  • Maintain confidentiality

  • Implement appropriate security

  • Notify Controller of data breaches

  • Assist with GDPR rights requests

  • Delete or return data upon termination

  • Keep records of processing operations

7. Subprocessors

Controller authorizes the use of:

  • Google Firebase (hosting, Firestore, Cloud Functions)

  • RevenueCat (subscription transactions)

  • Google/Apple OS APIs (communications, printing, file storage)

  • AEAT (for Veri*Factu submissions if enabled)

All subprocessors comply with GDPR SCCs or equivalent safeguards.

8. International Transfers

Transfers may occur to Firebase regions outside the EU. SCCs apply.

9. Controller Obligations

You agree to:

  • Ensure lawful basis for collecting your clients’ data

  • Not upload illegal or harmful content

  • Respond to data subjects’ rights requests

  • Configure business settings responsibly

  • Manage legal compliance for invoicing and taxation

10. Security Measures

Processor implements:

  • Firestore security rules

  • HTTPS encryption

  • Hash-chained invoices

  • Device binding

  • Access controls and logs

11. Breach Notification

Processor will notify Controller without undue delay upon detecting a data breach.

12. Data Return & Deletion

Upon account deletion, Processor will:

  • Delete user/device/client/product data

  • Anonymize invoices

  • Remove business documents

bottom of page