Data Processing
1. Purpose of This Page
This page gives a transparent overview of how and where your personal data is processed when you use Mentisonic. It complements the Privacy Policy, which describes your rights and our legal bases.
Data Controller
GDOELLERS INTERNATIONAL - FZCO, Building A1, Dubai Digital Park, Dubai Silicon Oasis, Dubai, United Arab Emirates
office@gdoellers.com
2. What "Processing" Means
"Processing" covers any operation performed on personal data collecting, storing, using, transmitting, or deleting it. We process personal data only for purposes described in the Privacy Policy, on a valid legal basis under Art. 6 (and Art. 9 for health-related data) GDPR, and for no longer than necessary.
3. Categories of Processing
| Activity | Data involved | Purpose |
|---|---|---|
| Account management | Email, name, password hash | Create and secure your account |
| Authentication | Device info, IP, session tokens | Log you in, enforce session security |
| Wellness assessment | Dosha quiz answers, profile | Recommend frequency programmes |
| Audio streaming | Sessions, durations | Deliver and track playback |
| AI search | Search queries | Return search results |
| Billing | Plan, status, masked card data | Process payments and renewals |
| Communications | Email address | Send service emails |
| Security | Logs, IP addresses | Detect abuse, debug |
4. Sub-Processors
Each processor processes data only on our instructions and is bound by a Data Processing Agreement under Art. 28 GDPR.
| Sub-processor | Service | Data processed | Location |
|---|---|---|---|
| Mamopay | Payment processing & billing | Name, email, payment/card data | United Arab Emirates (Dubai) |
| Amazon Web Services (AWS) | Cloud hosting & audio storage | All backend data | United States (us-east-1, N. Virginia) |
| Google (Gemini API) | AI search & recommendations | Search queries | United States / global |
5. International Transfers
Some sub-processors process data outside the European Economic Area (EEA). Where this occurs, we ensure adequate protection through EU Standard Contractual Clauses (SCCs) or other Art. 46 GDPR mechanisms. The safeguard applied per sub-processor:
- •Amazon Web Services (USA): AWS Data Processing Addendum incorporating EU Standard Contractual Clauses (SCCs).
- •Google / Gemini API (USA): Google Data Processing Addendum with SCCs; Google is certified under the EU–US Data Privacy Framework (DPF).
- •Mamopay (UAE): Standard Contractual Clauses under Mamopay’s Data Processing Agreement (exact safeguard pending written confirmation from Mamopay).
You may request more information by contacting us at office@gdoellers.com.
7. Technical & Organisational Measures
A summary of security measures is in the Data Security section of the Privacy Policy. These include encryption in transit, hashed passwords, restricted production access, rate limiting, and security logging.
8. Your Rights
Your rights access, rectification, erasure, restriction, portability, objection, and the right to complain are described in full in the Privacy Policy.
9. Contact
Questions about data processing: office@gdoellers.com. Full operator details are in the Imprint.