Skip to content
Data processing

Data Processing Agreement

Summary for Buklot Cloud customers.

This page is a plain-language summary, not the contract itself. The full, signed Data Processing Agreement is available on request and prevails in case of any difference.

Roles

When you use Buklot Cloud to run your booking site, you are the data controller for your end-clients' personal data (such as bookings and contact details). Buklot (Mindscrollers LLC) acts as your data processor and handles that data only on your documented instructions.

Subject matter and duration

The processing covers hosting your site, storing your bookings and client records, and sending transactional emails on your behalf. It lasts for as long as your Buklot Cloud subscription is active. When it ends, we return or delete the personal data in line with the retention terms in your account.

Data and data subjects

The data subjects are your end-clients. The personal data typically includes names, email addresses, phone numbers, appointment and booking history, and any notes you record. Buklot does not use this data for its own purposes.

Sub-processors

We use a small set of vetted sub-processors to deliver the service. Each is bound by data-protection terms:

  • Stripe
    Payment processing (subscriptions and card-on-file).
  • Hostinger
    Hosting and infrastructure for the application and data.
  • Google
    Website analytics (GA4), only where you enable it.
  • Meta
    Advertising measurement (Meta Pixel), only where you enable it.
  • SMTP / email delivery provider
    Delivery of transactional and relay email on your behalf.

Security measures

We protect the data with HTTPS encryption in transit, hashed credentials, signed session tokens, role-based access controls, file-locked storage, downloadable backups and an append-only audit log of administrative changes.

International transfers

Where a sub-processor processes personal data outside the European Economic Area, for example in the United States, the transfer relies on appropriate safeguards such as the European Commission's Standard Contractual Clauses (SCCs) together with any additional measures required.

Data subject requests

As the controller, you handle requests from your end-clients. Buklot gives you built-in tools to export or delete any client record, so you can meet access and erasure requests, and we assist you where the agreement requires it.

Request the signed DPA

To receive the full Data Processing Agreement for signature, email hello@buklot.com. We will also notify you of any change to our sub-processors so you can object if needed.