This page summarises the data processing model YUNIT uses for business customers. It does not replace a signed data processing agreement where one is required.
Roles
Depending on the service, YUNIT may act as an independent controller, a processor for a merchant tenant, or a separate service provider managing identity, consent, audit, and deletion workflows. The applicable role is defined by the contract and workflow.
Processing scope
- Tenant onboarding, API credential management, OAuth client registration, and support.
- Consumer profile, wallet, consent, revocation, and audit operations.
- Deletion requests, DPA signature records, auditor exports, and incident evidence.
- Email delivery, authentication, security monitoring, billing, and operational support.
Processor commitments
- Process personal data only for the documented service purpose or customer instruction.
- Use appropriate technical and organisational measures for confidentiality, integrity, and availability.
- Restrict access to authorised personnel and service providers with a need to process the data.
- Support deletion, export, incident review, and audit evidence workflows where applicable.
Subprocessors
YUNIT may use infrastructure, email, payment, analytics, and security providers to deliver the service. Subprocessors are selected for operational necessity and are expected to protect data under appropriate contractual and technical controls.
Signing a DPA
If your organisation needs a formal DPA record, use the DPA form or contact YUNIT before production onboarding.