Role model
For customer content in the product beta, the customer usually acts as the controller or business that decides why and how business communications are processed. Retena usually acts as a processor or service provider that processes customer content according to customer instructions and the agreement.
Some website, security, billing, and support data may be processed by Retena as an independent controller where Retena decides the purpose and means of processing.
Expected DPA topics
- Documented processing instructions and permitted purposes.
- Confidentiality and access controls for personnel and service providers.
- Technical and organizational security measures appropriate to the beta scope.
- Subprocessor authorization, notice, and objection process.
- Assistance with data subject requests, deletion, export, security incidents, and audits where applicable.
- International transfer safeguards where required.
- Return or deletion of customer content at termination, subject to backups, legal obligations, and agreed retention schedules.
Customer instructions
Customers should document what conversations may be connected, who may access the workspace, what retention period applies, whether AI features are enabled, what exports are allowed, and who can approve deletion or support access.
Request a formal DPA
For paid, enterprise, EU/UK, California, or sensitive-workflow deployments, request a formal DPA review at founders@retena.app before relying on Retena for production processing.