Data Processing Agreement

This Data Processing Agreement applies where a ReRune customer uses the platform to process personal data in customer content and BasalBit GmbH processes that personal data on the customer's behalf.

For that customer content, the customer acts as controller or processor for its own upstream customer, and BasalBit GmbH acts as processor or subprocessor according to the customer's documented instructions.

BasalBit GmbH remains controller for account administration, billing administration, platform security, legal compliance, service communications, and other processing described in the Privacy Policy.

• Subject matter: providing ReRune localization workspaces, collaboration, import, export, translation, integration, API, CLI, and OTA delivery workflows.
• Duration: the term of the customer's use of ReRune plus the period required for deletion, export, backup expiry, dispute handling, security, billing, tax, and legal retention.
• Nature and purpose: hosting, storing, copying, transmitting, displaying, translating, exporting, delivering, securing, and supporting customer content and workspace data.
• Data categories: account identifiers, invited-user email addresses, roles, project metadata, languages, locales, translation keys, translation values, prompts, dictionaries, comments, tags, imported files, exported files, and runtime delivery settings.
• Data subjects: customer personnel, invited workspace members, contractors, translators, product users, or other people whose personal data the customer includes in localization content.

The customer is responsible for the lawfulness of personal data included in customer content and for ensuring that all required notices, rights, permissions, legal bases, and upstream processor permissions exist before using ReRune.

BasalBit GmbH processes customer content only to provide ReRune, perform requested workflows, maintain security, support the account, comply with law, and follow documented customer instructions expressed through the product, support requests, contracts, and applicable settings.

Customers must not place secrets, credentials, payment card data, health data, regulated sensitive data, or unlawful material into ReRune unless they have all required rights, legal bases, safeguards, and written instructions in place.

• Process personal data only on documented instructions unless Union or Member State law requires different processing.
• Ensure that people authorized to process customer personal data are bound by confidentiality obligations.
• Maintain appropriate technical and organizational measures for the ReRune service.
• Assist customers with data-subject requests, security obligations, and data protection impact assessment support where required and reasonably possible for the ReRune service.
• Notify customers without undue delay after becoming aware of a personal data breach affecting customer content.
• Make information reasonably necessary to demonstrate compliance with this DPA available to customers.

ReRune uses self-hosted application infrastructure on Hostinger, access controls, account verification flows, password reset flows, operational logging, role-based workspace access, and provider-side security controls to protect the service.

Customers are responsible for configuring workspace roles, protecting credentials, reviewing invited users, limiting exports and API access, and avoiding unnecessary personal data in localization content.

BasalBit GmbH uses the subprocessors listed on the Subprocessors page for confirmed ReRune production workflows. BasalBit GmbH remains responsible for subprocessor selection and appropriate contractual commitments.

DeepL and OpenRouter receive customer content only when the customer enables the relevant optional integration and a user triggers the corresponding translation workflow.

Customers authorize BasalBit GmbH to use the listed subprocessors for ReRune. Customers can review the public Subprocessors page for current provider, purpose, data-category, and transfer context information.

Core hosting is located in Frankfurt, Germany. Stripe Payments Europe, Limited is located in Ireland / EEA. DeepL SE is located in Germany / EU. OpenRouter, LLC is located in the United States and receives content only for customer-triggered optional AI translation workflows.

Where personal data is transferred outside the EEA, BasalBit GmbH relies on the safeguards provided by the relevant provider terms, data processing agreements, standard contractual clauses, adequacy decisions, or other transfer mechanisms available under applicable data protection law.

Customers can export available workspace data through ReRune functionality. Profile deletion is irreversible and customers should export data before deleting a profile.

ReRune does not automatically delete workspace data after subscription cancellation or downgrade. Workspace data remains available under free-account rules until users delete relevant data or legal, billing, security, or operational retention requires continued storage.

Billing, invoice, payment, tax, commercial, security, and legal records remain stored where applicable law or legitimate operational needs require retention.

Customer audit rights are handled through reasonable written requests for information relevant to the ReRune service and this DPA. Audits must protect the security, confidentiality, and availability of ReRune and other customers.

Questions about this DPA can be sent to BasalBit GmbH at info@basalbit.com.