helium

Data Processing Agreement

Last updated: 27 December 2025

This Data Processing Agreement ("DPA") forms part of the agreement between:

Controller: The customer using the Helium Rooms Service ("Customer")

Processor: Lighthouse Intelligence, a sole proprietorship (eenmanszaak) registered in the Netherlands, operating the Helium Rooms platform ("Processor")

1. Subject Matter

This DPA applies to the processing of personal data by the Processor on behalf of the Customer in connection with the Helium Rooms SaaS platform.

2. Nature and Purpose of Processing

The Processor processes personal data solely to provide and maintain the Service, including:

  • Hosting customer rooms
  • Authentication and access control
  • Integrations with third-party services
  • Customer support

3. Categories of Data and Data Subjects

Data Subjects:

  • Customer employees
  • Customer clients
  • Authorized users

Personal Data:

  • Names and email addresses
  • Authentication data
  • Uploaded files and content
  • Metadata related to Service usage

4. Obligations of the Processor

The Processor shall:

  • Process personal data only on documented instructions of the Customer
  • Implement appropriate technical and organizational security measures
  • Ensure confidentiality of personnel
  • Assist the Customer with GDPR compliance where reasonably possible
  • Notify the Customer without undue delay after becoming aware of a personal data breach

5. Sub-processors

The Customer authorizes the use of sub-processors, including but not limited to:

  • Vercel (hosting)
  • Supabase (authentication and database)
  • Stripe (payment processing)
  • Analytics providers (if enabled)

The Processor shall remain responsible for sub-processors.

6. International Transfers

Where personal data is transferred outside the EEA, appropriate safeguards such as Standard Contractual Clauses are applied.

7. Data Retention and Deletion

Upon termination of the Service, personal data will be deleted or anonymized within a reasonable period, unless retention is required by law.

8. Audit and Information

The Processor shall make available information reasonably necessary to demonstrate compliance with this DPA.

9. Liability

Liability under this DPA is subject to the limitations set forth in the Terms and Conditions.

10. Governing Law

This DPA is governed by Dutch law.