Data Processing Agreement
Effective: April 22, 2026 | Version 1.0
1. Data Controller
Mobio Labs (CEO: Sung-Rae Cho, Business Reg: 156-79-00478) acts as the Data Controller for personal data processed through the AI Teammate platform.
2. Sub-Processors
We use the following third-party sub-processors to deliver our services:
| Sub-Processor | Purpose | Data Processed | Location |
|---|---|---|---|
| Amazon Web Services (AWS) | Cloud hosting, LLM inference (Bedrock), email delivery (SES) | All platform data (encrypted at rest) | US (us-east-1) |
| OpenAI | LLM fallback, text embeddings | Conversation text (no PII sent) | US |
| Google Cloud | OAuth authentication, LLM (optional) | OAuth tokens, email for login | US |
| Langfuse | LLM observability and cost tracking | Token usage, latency metrics (no conversation content) | EU |
| Toss Payments | Payment processing (KRW) | Transaction amount, payment key | South Korea |
| PayPal | International payment processing | Transaction amount, order ID | US |
3. Data Protection Measures
- All personal data (email, API keys) encrypted at rest using AES-256 (Fernet)
- Data in transit protected by TLS 1.3
- Database access restricted to application service accounts only
- Conversation data is not used for model training by any sub-processor
- BYOK (Bring Your Own Key) option: users can use their own API keys, bypassing our LLM sub-processors
4. Data Transfers
Data transfers to sub-processors outside the EEA are governed by:
- AWS: EU-US Data Privacy Framework (DPF) certified
- OpenAI: Standard Contractual Clauses (SCCs)
- Google: EU-US Data Privacy Framework (DPF) certified
- Langfuse: EU-based (no transfer required)
5. Data Retention
- Active accounts: data retained while account is active
- Deleted accounts: personal data purged after 30 days (re-signup possible within this period)
- Memory data: archived after 180 days of inactivity, purged after archival
- Payment records: retained for 5 years per tax regulations
6. Your Rights
Under GDPR and applicable data protection laws, you have the right to:
- Access: Download all your data (Settings > Account > Download My Data)
- Rectification: Update your profile information (Settings > Account)
- Erasure: Delete your account (Settings > Account > Delete Account)
- Portability: Export data in machine-readable JSON format
- Restriction: Contact us to restrict specific processing
7. Breach Notification
In the event of a data breach affecting personal data, we will:
- Notify the relevant supervisory authority within 72 hours
- Notify affected users without undue delay if the breach poses a high risk
- Document all breaches and remedial actions taken
8. Contact
For data protection inquiries:
Email: support@mobiolabs.net
Company: Mobio Labs
CEO / Data Protection Officer: Sung-Rae Cho