Data Processing Agreement

Overview

Momento is operated by Jyoti Traders. Momento acts as a data processor when you use the Service to collect guest photos on behalf of your clients. You remain the controller for guest data in your events. This page summarizes our subprocessor list and standard security measures. For a signed DPA, contact us before enterprise or white-label deployments.

Subprocessors

• Supabase

  Database, authentication, file storage

  Location: India (Mumbai) / AWS

  supabase.com

• Vercel

  Web hosting and API edge

  Location: Global (includes US/EU)

  vercel.com

• Razorpay

  Payment processing (paid plans)

  Location: India

  razorpay.com

• Google

  Optional OAuth sign-in only

  Location: Global

  google.com

Security measures

• TLS encryption in transit; encrypted storage at rest via Supabase/AWS
• Private photo bucket with time-limited signed URLs for gallery access
• Role-based host auth, guest tokens for guest mutations, CSRF and rate limits
• Events are private and excluded from search indexing
• No ad tracking or analytics SDKs on guest flows

Data subject requests

Hosts can delete events and accounts in-product. Guests delete their own photos with their guest token. Formal access, correction, or erasure requests: cameramomento@gmail.com (48-hour target response; 30 days for formal grievances under India DPDP).

Signed DPA

Email cameramomento@gmail.com with your company name, event volume, and jurisdiction. We provide a one-page DPA addendum for agency and corporate accounts on request.

See also Privacy Policy and Partner program.