MALIEGA FA'AGAIOIGA FA'AMAUMAUGA
O le Maliega Fa'agaioiga Fa'amaumauga, i se faitauga manino.
v1.2.1 · Effective from publication date
Tusia ina ia mafai e lau DPO ona fa'amaonia i le nofo e tasi. O tu'utu'uga uma, sub-processor, ma puipuiga e fa'amaumauina atoatoa. O le PDF saini o lo'o iai le anotusi tutusa.
LAUTELE & MATAFAIOI
O ai e faia le a, i fa'amaumauga a ai.
I lalo o lenei DPA, o le Tagata Fa'atau o le pule o fa'amaumauga ma o Sageio e galue e fai ma sui fa'agaioiga mo le Tagata Fa'atau. E na'o le fa'agaioia e Sageio o fa'amaumauga patino e tu'uina atu ai le tautua konekarate — fa'aliliu fonotaga i le taimi moni, tusitusiga, ma aotelega — ma na'o i lalo o fa'atonuga fa'amaumauina a le Tagata Fa'atau. O lenei DPA o se vaega o le Maliega Lesitala i le va o Sageio ma le Tagata Fa'atau; pe a feteenai, e manumalo le DPA i mataupu o le fa'agaioiga o fa'amaumauga patino. E fa'atatau i gaioiga fa'agaioiga uma e fai e feso'ota'i ma le tulaga Sageio.
FA'AMAUMAUGA UA FA'AGAIOIA
O mea matou te fa'agaioia, ma le mafua'aga e mafai ai.
| Vaega o fa'amaumauga | Fa'amoemoe o le fa'agaioiga | Faavae faaletulafono (GDPR Art. 6) | Tausiga |
|---|---|---|---|
| Leo fonotaga | Liua tautalaga i tusitusiga ma fa'aliliu i le taimi o le fonotaga. | Art. 6(1)(b) — performance of contract. | Tafe mo le tusitusiga ola ma fa'agaioia na'o le manatua; e le tusia lava i le teuga. E le fa'aaoga mo le a'oa'oina o fa'ata'ita'iga. |
| Tusitusiga & fa'aliliuga fonotaga | Teuga ma le toe maua e sui o le avanoa galue a le Tagata Fa'atau. | Art. 6(1)(b) — performance of contract. | Tausia se'ia tape e le Tagata Fa'atau pe a tape le teugatupe. |
| Aotelega & mea e fai | Fa'aaliga fonotaga ua gaosia e le AI mai le tusitusiga. | Art. 6(1)(b) — performance of contract. | E mulimuli i le tausiga o le tusitusiga. |
| Fa'asino o le teugatupe (igoa, imeli, matafaioi) | Fa'amaonia, avanoa i le galuega, ma su'etusi. | Art. 6(1)(b) — performance of contract. | Umi o le teugatupe fa'aopoopo i le 30 aso pe a uma le tapunia. |
| Fa'amatalaga o le avanoa galue & fa'aaogaina | Fa'agaioiga o le tautua, fa'aleleiga pili, ma puipuiga o le fa'aleagaina. | Art. 6(1)(b) and Art. 6(1)(f) — legitimate interest in service integrity. | 12 masina mai le gaosiga. |
| Su'etusi | Mata'ituina saogalemu ma iloiloga avanoa a le Tagata Fa'atau. | Art. 6(1)(f) — legitimate interest in security. | 12 masina mai le gaosiga. |
| Fa'asino pili | Pulega o le lesitala. O fa'amaumauga o le kata totogi e fa'agaioia e LemonSqueezy e fai ma Merchant of Record ma e le teuina e Sageio. | Art. 6(1)(b) — performance of contract. | Umi o le teugatupe fa'aopoopo i le 7 tausaga mo fa'amaumauga lafoga. |
SUB-PROCESSORS
O le filifili atoa o le tausiga.
| Sub-processor | Fa'amoemoe | Nofoaga fa'agaioia |
|---|---|---|
| Amazon Web Services | Talimalo i le ao, teuga mea, pulega o ki fa'ailoga puipui. | Itulagi e filifili e le Tagata Fa'atau (fa'atonuga: Sigapoa, Asia-Pasefika). EU ma US i fuafuaga Pisinisi Tetele. |
| Neon | Fa'amaumauga PostgreSQL e pulea mo fa'amaumauga app. | Itulagi e fetaui ma le itulagi AWS autū a le Tagata Fa'atau. |
| Vercel | Talimalo mo le tulaga fa'asalalauga ma le app web mo tagata fa'atau. | Upega pito fa'avaomalo. Puna: itulagi e filifili e le tagata fa'atau. |
| Clerk | Fa'amaonia, saini-tasi, ma pulega o fa'asino igoa. | Iunaite Setete. |
| Deepgram | Liua tautalaga i tusitusiga o le leo fonotaga. | Iunaite Setete. |
| OpenAI | Liua tautalaga i tusitusiga i le taimi moni o le leo fonotaga (afi fa'atonuga mo avanoa galue fou) ma le liua o faila leo ua tu'uina atu. | Iunaite Setete. |
| DeepL | Fa'aliliu o vaega tusitusiga le tumau ma le fa'aliliu mulimuli mo gagana sini filifilia. | Siamani (EU). |
| Google (Gemini API) | Fa'aleleiga fa'aliliu o vaega tusitusiga ua fa'amae'a; aotelega ua gaosia e le AI ma mea e fai. | Iunaite Setete. Data not used to train Google models per paid-tier Gemini API terms. |
| Resend | Auina atu imeli fa'afefiloi (fa'ailoga o le teugatupe ma le tautua; imeli aotelega fonotaga e auina atu i le talosaga a le tagata fa'aaoga). | Iunaite Setete. |
Lemon Squeezy (a Stripe company) is not a sub-processor: as Merchant of Record it determines its own purposes for payment, tax, and invoicing, and acts as an independent data controller under its own privacy policy.
Plausible (cookieless website analytics) operates only on our marketing site and does not process platform personal data under this DPA; it is disclosed in the Privacy Policy.
TAUTINOGA A LE FA'AGAIOIGA
Mataupu 28, tusia i le konekarate.
These commitments form part of the DPA. The English text is the authoritative version; localized translations will follow the signed-off text.
- Suiga o sub-processor
- Sageio maintains the current sub-processor list at sageio.net/subprocessors. Sageio will give Customer at least 30 days' notice (by email or in-app notice) before adding or replacing a sub-processor. Customer may object on reasonable data-protection grounds within the notice period; if the parties cannot resolve the objection, Customer may terminate the affected services and receive a pro-rata refund of prepaid fees for the unused period. Sageio imposes data-protection obligations equivalent to this DPA on each sub-processor and remains liable for their performance.
- Fa'ailoaina o le solia o fa'amaumauga patino
- Sageio will notify Customer without undue delay, and in any event within 24 hours of confirming a personal-data breach affecting Customer personal data, and will provide the information reasonably required for Customer's obligations under Articles 33–34 GDPR, with updates as the investigation proceeds.
- Tapeina ma le toe fa'afo'i
- Upon termination or expiry of the services, Sageio will, at Customer's choice, delete or return all Customer personal data within 30 days, and delete remaining copies, except where applicable law requires retention. Personal data in encrypted backups is purged on the standard 30-day backup rotation cycle.
- Fesoasoani ma su'etusi
- Taking into account the nature of the processing, Sageio will assist Customer with appropriate technical and organizational measures in responding to data-subject requests, and with Customer's obligations under Articles 32–36 GDPR, including data-protection impact assessments and prior consultations. Sageio will make available information reasonably necessary to demonstrate compliance with Article 28 — including summaries of penetration tests and, when available, audit reports — and will allow audits, including inspections, by Customer or its mandated auditor, no more than once per twelve months, on 30 days' notice, at Customer's expense and subject to confidentiality.
- Faalilolilo ma fa'atonuga
- Sageio ensures that persons authorized to process personal data are committed to confidentiality. Sageio will inform Customer without undue delay if, in its opinion, an instruction infringes applicable data-protection law.
- Fa'amaoniga a le Tagata Fa'atau
- Customer warrants that it has established a lawful basis for the processing it instructs under this DPA, including any notices to and consents from meeting participants required by applicable law and — where meeting content incidentally contains special categories of personal data — a condition under Article 9(2) GDPR. Sageio does not use meeting content to identify any person by voice and creates no biometric templates.
- Vaitaimi, tulafono pule, ma le matafaioi
- This DPA takes effect with, and lasts for the duration of, the Subscription Agreement; it is governed by the same law, and the limitations of liability in the Terms of Service apply to it, except where mandatory data-protection law provides otherwise.
FUA SAOGALEMU
E feiloa'i le inisinia ma le tautinoga.
Sageio implements technical and organizational measures appropriate to the risk of processing, including encryption in transit (TLS 1.3) and at rest (AES-256-GCM), role-based access control, audit logging, regular penetration testing, and a documented incident response process. Production access requires explicit business justification, is time-bound, and is logged. The complete catalog of measures, including current compliance program status, is published on the Security page and updated as the program evolves.
FA'ALILIUGA FA'AVAOMALO
Fa'amaumauga fevaeloa'i, fa'agaioia faaletulafono.
Where personal data is transferred outside the European Economic Area, the United Kingdom, or other jurisdictions with equivalent restrictions, Sageio relies on the European Commission's Standard Contractual Clauses (Module Two: Controller-to-Processor) and, where applicable, the UK International Data Transfer Addendum. For transfers to jurisdictions covered by an adequacy decision, Sageio relies on that decision. Sub-processors are bound to equivalent obligations through contractual flow-down. Transfer impact assessments are conducted for each sub-processor processing personal data outside the data exporter's jurisdiction.
The SCCs (Module Two: Controller-to-Processor) and the UK International Data Transfer Addendum are incorporated into this DPA by reference. Annex I (parties; description of processing) is constituted by the parties' details and the "Data processed" table above, which may incidentally include special categories of data contained in meeting content; Annex II (technical and organizational measures) by the "Security measures" section; Annex III (authorized sub-processors) by the "Sub-processors" table. In case of conflict, the SCCs prevail.
AIA A TAGATA FA'AMAUMAUGA
O aia o au tagata fa'aaoga, o a matou matafaioi.
- Aia e maua ai — fa'amaonia ma se kopi o fa'amaumauga patino ua fa'agaioia.
- Aia e fa'asa'o ai — fa'asa'oina o fa'amaumauga sese pe le atoatoa.
- Aia e tape ai — tapeina i totonu o le 30 aso o se talosaga aoga, fa'atatau i mana'oga tausiga faaletulafono.
- Aia e fa'atapula'a ai — fa'atapula'aina o le fa'agaioiga i tulaga fa'amaoti.
- Aia e ave atu ai fa'amaumauga — ave atu i se fa'asologa faatulagaina, e mafai e le masini ona faitau.
- Aia e tete'e ai — e aofia ai le fa'agaioiga e fa'avae i le manaomia fa'aletulafono.
- Aia e tu'uina atu ai se faitio i le pulega vaaia talafeagai.
FA'AFESO'OTA'I
Tagata moni, pusameli fa'aigoa.
- Privacy: privacy@sageio.net
- Security: security@sageio.net
Sageio is operated by 好客網路股份有限公司 (Unified Business No. 29041135), a company registered in Taiwan. Registered address: No. 205, Hulin Street, Xinyi District, Taipei City, Taiwan (臺北市信義區虎林街205號). Privacy contact: privacy@sageio.net.
Tala faasolopito o lomiga
- v1.2.1June 14, 2026Gemini paid-tier confirmation completed (interim note removed); sub-processor commitment now points to the live /subprocessors page; Traditional Chinese translation of the processor commitments and SCC incorporation added.
- v1.2June 13, 2026Sub-processor table correction: OpenAI added (real-time speech-to-text, default engine for new workspaces); DeepL purpose extended to final translation for selected languages; Resend purpose includes meeting-summary emails; Gemini terms basis corrected to paid-tier API (confirmation in progress). Configurable-retention-window statements removed to match current system behavior.
- v1.1June 13, 2026Article 28 processor commitments added; sub-processor table expanded (DeepL, Resend); retention entries corrected to match system behavior; SCCs and UK Addendum incorporated with Annex mapping.
- v1.0Effective from publicationInitial publication.