Legal
Data Processing Addendum
Last updated 1 June 2026
This addendum forms part of the agreement between you (the controller) and MendzCo (the processor) for the personal data we process on your behalf.
1. Roles
You are the data controller for the operational and guest-availability data you connect. MendzCo acts as a processor, handling that data only on your documented instructions.
2. Scope of processing
We process the data needed to sync calendars, display sync health, send the alerts you configure, and publish the feeds you create. The subject matter is calendar availability and account data; the duration is the life of your account.
3. Confidentiality
Personnel authorised to process your data are bound by appropriate confidentiality obligations.
4. Security
We maintain technical and organisational measures appropriate to the risk, including encryption in transit, token-scoped feeds, and least-privilege access.
5. Sub-processors
We use vetted sub-processors (such as hosting and payment providers) under written terms that impose equivalent data-protection obligations. We will inform you of material changes to our sub-processors.
6. Data subject requests
We assist you in responding to data subject requests, and provide self-service export and deletion tools within the panel.
7. Breach notification
We will notify you without undue delay after becoming aware of a personal data breach affecting your data.
8. Deletion & return
On termination, we delete or return your personal data in line with the deletion process described in your settings, save where retention is required by law.
This document is a plain-language template provided for the MendzCo product and is not legal advice. Replace it with your own reviewed policy before relying on it commercially.