Customer Data Processing Terms

The customer controls the personal data and business data it enters, uploads, imports, stores, or generates in Palindrome.

Palindrome processes that data to provide the service.

Customers are responsible for having a lawful basis, required PDPA notices, consents where needed, and internal authority for the data they enter, import, upload, store, or generate in Palindrome.

Customers are responsible for managing user access, limiting unnecessary personal data, reviewing generated reports, exports, customer packs, and public share links before disclosure, and responding to data-subject requests for workspace content they control.

Palindrome is responsible for processing customer workspace data to provide the service, maintaining organization scoping and role-based access controls, using reasonable safeguards, and maintaining audit, retention, and accountability records.

Palindrome assists with privacy requests, security investigations, export requests, deletion requests, anonymization requests, and minimization requests as described in the customer agreement and current product capabilities.

Supabase is Palindrome's current subprocessor and infrastructure provider for hosted database, authentication, and file storage, and Supabase may use its own authorized subprocessors under its DPA.

The current Supabase project is hosted in Singapore (`ap-southeast-1`), so customer workspace data is processed and stored outside Malaysia. Customers should not describe the service as Malaysia-local hosting.

Palindrome may use additional providers for hosting, email routing, analytics, monitoring, support, or professional services as the service changes. Palindrome will keep customer-facing disclosures aligned with material provider categories.

Policy-document evidence is currently uploaded to the public Supabase Storage bucket named `policy-documents` and tracked for retention cleanup when a policy file is attached.

The retention workflow can delete tracked Supabase Storage files where allowed, unless a legal hold or operational failure blocks cleanup. Private or signed evidence-file access remains a future hardening item.

On termination or approved deletion/anonymization request, the customer should have a 30-day export window unless an Admin records a manual override reason.

After the export window, Palindrome can disable access, revoke public share links, delete generated report rows, delete tracked evidence files where appropriate, anonymize high-risk personal fields, redact sensitive audit values, and retain only limited records needed for security, audit, legal hold, or deletion proof.

Database backups and provider logs may expire on provider-controlled schedules. Deletion or anonymization is applied to the live workspace first and should not be presented as instant removal from every backup copy.