Skip to content

Data Processing Addendum

Effective 2026-05-22 · Last updated 2026-05-22

This Data Processing Addendum ("DPA") forms part of the Terms of Service between Eena Private Limited and the merchant or brand using beyondRegular. It explains how we process personal data when we provide the Service.

1. Roles

For merchant account data, billing data, and support communications, Eena Private Limited acts as an independent controller. For content and configuration data that a merchant uploads or configures in the Service, we act as a processor/service provider and process that data only to provide, secure, support, and improve the Service.

For Shopify storefront shopper interactions, beyondRegular is designed to collect aggregate widget analytics and attribution signals without collecting shopper names, emails, phone numbers, addresses, payment details, or other protected customer data.

2. Processing Details

Subject matterProviding shoppable video widgets, media hosting, product attachment, analytics, billing, and support.
DurationFor the merchant's subscription term, plus the retention periods described in our Privacy Policy.
Data subjectsMerchant users, brand team members, and anonymous storefront visitors who interact with widgets.
Data categoriesMerchant account details, uploaded media, product/preset configuration, support messages, subscription status, aggregate widget events, anonymous session identifiers, order value and currency for attribution where available.
Sensitive dataThe Service is not intended to process sensitive personal data.

3. Processor Obligations

  • We process merchant data only to provide, secure, maintain, support, and improve the Service.
  • We ensure personnel with access to personal data are bound by confidentiality obligations.
  • We maintain appropriate technical and organizational safeguards for the nature of the data processed.
  • We do not sell personal data and do not use merchant data for third-party advertising.
  • We do not use merchant content or shopper interaction data to train machine-learning models.

4. Subprocessors

We use the subprocessors listed in our Privacy Policy to host, store, deliver, bill, and support the Service. We remain responsible for subprocessors' performance of their obligations where required by applicable data protection law.

5. Security Measures

  • HTTPS enforced for app and widget traffic.
  • Encrypted database connections and access-controlled production credentials.
  • HMAC verification for Shopify bridge writes and webhook processing.
  • Rate limiting on authentication, upload, import, and other burstable endpoints.
  • Payment card data is handled by payment processors and does not touch our servers.
  • Account deletion and Shopify shop redact flows trigger deletion workflows for merchant data.

6. Data Subject Requests

Where we act as a processor, we will reasonably assist the merchant in responding to data subject requests, deletion requests, or regulator inquiries that relate to personal data processed through the Service. Requests can be sent to connect@eenaverse.com.

7. International Transfers

Our infrastructure and subprocessors may process data in multiple regions. Where applicable, we rely on Standard Contractual Clauses, equivalent transfer safeguards, or other lawful mechanisms described in our Privacy Policy.

8. Deletion and Return

On account deletion, Shopify shop deletion, or written termination request, we delete or anonymize merchant data according to our retention schedule, except where retention is required for legal, billing, tax, fraud-prevention, or dispute-resolution purposes.

9. Contact

For DPA, privacy, or subprocessors questions, contact connect@eenaverse.com or write to:

Eena Private Limited
[14, RADHA KISHNA NAGAR, OLD NO. D03 B13,], [DD NAGAR, Dharamshala [D.D. Nagar], ], [GWALIOR], [MADHYA PRADESH] [474005], India