Legal

Data Processing

1. Purpose of This Page

This page gives a transparent overview of how and where your personal data is processed when you use Mentisonic. It complements the Privacy Policy, which describes your rights and our legal bases.

Data Controller

GDOELLERS INTERNATIONAL - FZCO, Building A1, Dubai Digital Park, Dubai Silicon Oasis, Dubai, United Arab Emirates

office@gdoellers.com

2. What "Processing" Means

"Processing" covers any operation performed on personal data collecting, storing, using, transmitting, or deleting it. We process personal data only for purposes described in the Privacy Policy, on a valid legal basis under Art. 6 (and Art. 9 for health-related data) GDPR, and for no longer than necessary.

3. Categories of Processing

ActivityData involvedPurpose
Account managementEmail, name, password hashCreate and secure your account
AuthenticationDevice info, IP, session tokensLog you in, enforce session security
Wellness assessmentDosha quiz answers, profileRecommend frequency programmes
Audio streamingSessions, durationsDeliver and track playback
AI searchSearch queriesReturn search results
BillingPlan, status, masked card dataProcess payments and renewals
CommunicationsEmail addressSend service emails
SecurityLogs, IP addressesDetect abuse, debug

4. Sub-Processors

Each processor processes data only on our instructions and is bound by a Data Processing Agreement under Art. 28 GDPR.

Sub-processorServiceData processedLocation
MamopayPayment processing & billingName, email, payment/card dataUnited Arab Emirates (Dubai)
Amazon Web Services (AWS)Cloud hosting & audio storageAll backend dataUnited States (us-east-1, N. Virginia)
Google (Gemini API)AI search & recommendationsSearch queriesUnited States / global

5. International Transfers

Some sub-processors process data outside the European Economic Area (EEA). Where this occurs, we ensure adequate protection through EU Standard Contractual Clauses (SCCs) or other Art. 46 GDPR mechanisms. The safeguard applied per sub-processor:

  • Amazon Web Services (USA): AWS Data Processing Addendum incorporating EU Standard Contractual Clauses (SCCs).
  • Google / Gemini API (USA): Google Data Processing Addendum with SCCs; Google is certified under the EU–US Data Privacy Framework (DPF).
  • Mamopay (UAE): Standard Contractual Clauses under Mamopay’s Data Processing Agreement (exact safeguard pending written confirmation from Mamopay).

You may request more information by contacting us at office@gdoellers.com.

7. Technical & Organisational Measures

A summary of security measures is in the Data Security section of the Privacy Policy. These include encryption in transit, hashed passwords, restricted production access, rate limiting, and security logging.

8. Your Rights

Your rights access, rectification, erasure, restriction, portability, objection, and the right to complain are described in full in the Privacy Policy.

9. Contact

Questions about data processing: office@gdoellers.com. Full operator details are in the Imprint.