Data Processing Agreement
Last Updated: February 2026
This Data Processing Agreement ("DPA") forms part of the Terms of Service between NeliteNine ("Processor") and the User ("Controller"). It reflects the parties' agreement with regard to the processing of Personal Data.
1. Subject Matter & Duration
The subject matter of the processing is the performance of the services provided by NeliteNine (cognitive training, analytics). The duration of the processing corresponds to the duration of the User's subscription or account activity.
2. Nature & Purpose
The Processor will process Personal Data only for the purpose of providing the Services, including:
- Authentication and account management.
- Calculation of cognitive performance metrics (Fluid Intelligence).
- Anti-cheat verification and integrity monitoring.
- Customer support and billing.
3. Sub-processors
The User grants general authorization to the Processor to engage third-party sub-processors to support the delivery of the Services. Current sub-processors include:
| Entity | Role | Location |
|---|---|---|
| Supabase Inc. | Database & Auth Provider | USA / EU (AWS) |
| Vercel Inc. | Hosting & Edge Computing | Global (CDN) |
| Stripe Inc. | Payment Processing | Global |
4. Security Measures
The Processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
- Encryption of data in transit (TLS 1.3) and at rest (AES-256).
- Strict access controls and least-privilege principles for employee access.
- Regular vulnerability scanning and security audits.
This DPA is automatically executed upon acceptance of the Terms of Service.