Roles
Controller: the Customer (hiring company). Processor: Manera Technologies Inc. Enterprise customers may request a signed DPA under GDPR Article 28 and equivalent laws. Contact [email protected].
Sub-processors
We use the following sub-processors: Anthropic (LLM inference, ephemeral no-training-on-inputs guarantee), Stripe (payment processing for subscriptions), Cloudflare (DNS / CDN / DDoS protection). A current list is maintained and updated with 30 days' notice.
Security measures
- TLS 1.3 in transit · AES-256 at rest
- HMAC-signed inter-service calls (Phase A security doctrine)
- Cost-circuit-breaker + anomaly detection mesh-wide
- Hourly encrypted off-site backups with 30-day retention
- Quarterly sub-processor security review
Breach notification
In the event of a personal data breach, we notify affected Customers without undue delay and in any case within 72 hours of becoming aware, as required by GDPR Article 33, Québec Law 25 section 3.5, PIPEDA Mandatory Breach Notification Rules, and equivalent laws.