1. Introduction
This Data Processing Addendum ("DPA") describes how Vireon Dynamics processes personal data on behalf of Team and Enterprise customers using Liminal AI cloud services (org memory sync, session history, audit logs, managed inference metadata, and related features). It supplements our Privacy Policy and Terms of Service.
For a countersigned enterprise DPA or SCC package, contact admin@vireondynamics.com.
2. Roles
- Customer — data controller for end-user and org content you upload
- Vireon — data processor for that content when hosted in our control plane
For account registration data (your admins' emails), Vireon may act as an independent controller for billing and account management.
3. Processing details
| Subject matter | Hosting Team/Enterprise cloud features |
|---|---|
| Duration | Subscription term + retention per Privacy Policy |
| Categories of data | Account identifiers, org membership, synced notes/vault/session payloads you upload, audit events, inference usage metadata |
| Data subjects | Customer personnel and authorized users |
| Nature & purpose | Storage, retrieval, sync, billing metering, security monitoring, support |
4. Customer obligations
- Provide lawful instructions and a lawful basis for processing
- Configure org access and policies appropriately
- Inform end users as required by applicable law
- Do not upload special-category data unless agreed in writing
5. Security measures
We implement technical and organizational measures including TLS in transit, access controls, signed tokens, webhook verification, least-privilege service credentials, and audit logging for admin APIs. Details available on request for enterprise security reviews.
6. Subprocessors
We use the subprocessors listed in our Privacy Policy (Supabase, Stripe, Vercel, email providers, analytics with consent, LLM upstream routers). We will notify enterprise customers of material subprocessor changes where contractually required.
7. International transfers
Where personal data is transferred outside the EEA/UK, we rely on appropriate safeguards such as Standard Contractual Clauses incorporated into processor agreements, or equivalent mechanisms under applicable law.
8. Data subject requests
We will assist customers in responding to verifiable data subject requests, to the extent permitted by law and technically feasible, when customers submit requests to admin@vireondynamics.com.
9. Breach notification
We will notify affected enterprise customers without undue delay after confirming a personal data breach affecting customer-controlled data processed on their behalf, with information required by applicable law.
10. Deletion
Upon termination, customer content is deleted or returned per the Privacy Policy retention schedule, except where retention is required by law. Backups may persist for a limited window before rolling off.
11. Contact
Enterprise privacy & DPA: admin@vireondynamics.com