Skip to main content
MIAMI WEB AI STUDIO • WEBSITES • APPS • AI TOOLS • BUILT IN DAYS • BOOK YOUR CALL TODAY • MIAMI WEB AI STUDIO • WEBSITES • APPS • AI TOOLS • BUILT IN DAYS • BOOK YOUR CALL TODAY • MIAMI WEB AI STUDIO • WEBSITES • APPS • AI TOOLS • BUILT IN DAYS • BOOK YOUR CALL TODAY • MIAMI WEB AI STUDIO • WEBSITES • APPS • AI TOOLS • BUILT IN DAYS • BOOK YOUR CALL TODAY • MIAMI WEB AI STUDIO • WEBSITES • APPS • AI TOOLS • BUILT IN DAYS • BOOK YOUR CALL TODAY • MIAMI WEB AI STUDIO • WEBSITES • APPS • AI TOOLS • BUILT IN DAYS • BOOK YOUR CALL TODAY • MIAMI WEB AI STUDIO • WEBSITES • APPS • AI TOOLS • BUILT IN DAYS • BOOK YOUR CALL TODAY • MIAMI WEB AI STUDIO • WEBSITES • APPS • AI TOOLS • BUILT IN DAYS • BOOK YOUR CALL TODAY • MIAMI WEB AI STUDIO • WEBSITES • APPS • AI TOOLS • BUILT IN DAYS • BOOK YOUR CALL TODAY • MIAMI WEB AI STUDIO • WEBSITES • APPS • AI TOOLS • BUILT IN DAYS • BOOK YOUR CALL TODAY •
MIAMI WEB AI
DPA
LEGAL

Data Processing Agreement

This Data Processing Agreement ("DPA") forms part of the agreement between Nuko Nova Dynamics LLC (doing business as Miami Web AI) and the Client for the provision of services.

Last updated: April 11, 2026

DEFINITIONS

Key terms.

01

Personal Data

Any information relating to an identified or identifiable natural person as defined in GDPR Article 4(1).

02

Processing

Any operation performed on Personal Data, including collection, storage, use, disclosure, or deletion.

03

Data Controller

The Client who determines the purposes and means of Processing Personal Data.

04

Data Processor

Nuko Nova Dynamics LLC (doing business as Miami Web AI), which processes Personal Data on behalf of the Data Controller.

ROLES

Controller and processor.

For personal data processed on behalf of the Client under this Agreement, Miami Web AI acts as a processor or service provider and the Client is the controller. For personal data collected directly by Miami Web AI (for example, information collected through our website, marketing communications, or billing), Miami Web AI is the controller. See our Privacy Policy §1 (Scope and Controller) and §2.4 (Customer Data Processed on Your Behalf) for the full model.

SCOPE

Processing boundaries.

The Processor shall process Personal Data only:

  • On documented instructions from the Controller
  • For the purpose of providing the agreed services
  • In accordance with applicable data protection laws
  • As required by applicable law (with prior notice where permitted)

SECURITY

Technical measures.

The Processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

ENCRYPT

Personal Data in transit and at rest

ACCESS

Controls limiting data access to authorized personnel

TESTING

Regular testing and evaluation of security measures

MAINTAIN

Procedures for ongoing confidentiality, integrity, and availability

SUB

SUB-PROCESSORS

Authorized partners.

Vercel Inc.

Hosting, edge network, analytics

United States

Convex Inc.

Application database and backend

United States

Stripe Inc.

Payment processing and billing

United States

Resend

Transactional email delivery

United States

Cloudflare Inc.

Bot detection and DDoS protection (Turnstile)

United States / Global

Upstash Inc.

Rate limiting (Redis)

United States

AI model providers (OpenAI, Anthropic, ElevenLabs)

Content processing only (not authentication or financial data)

United States

GitHub Inc.

Source code management

United States

Regulated financial account aggregation providers

Secure financial account linking, balance verification, and transaction retrieval

United States

The Processor shall notify the Controller of any changes to sub-processors with at least 14 days' notice. The Controller may object to new sub-processors on reasonable grounds.

DATA SUBJECTS

Rights we support.

The Processor shall assist the Controller in responding to requests from data subjects exercising their rights under GDPR:

Right of access
Right to rectification
Right to erasure
Right to data portability
Right to object to processing

BREACH NOTIFICATION

72h

In the event of a data breach affecting Personal Data processed under this Agreement, the Processor shall notify the Controller and any required regulatory authorities without undue delay and, in accordance with applicable law, typically within 72 hours of becoming aware of the breach. Notifications will describe the nature and scope of the incident, the categories and approximate number of data subjects affected, the likely consequences, and the measures taken or proposed to address it. This commitment mirrors our Privacy Policy §8.5 (Data Breach Notification).

RETENTION & DELETION

§7

Retention and deletion of Personal Data is governed by our Privacy Policy §7 (Data Retention). Upon termination of this Agreement or the underlying Contract, the Processor will delete or return Personal Data processed on behalf of the Client in accordance with the retention periods stated in Privacy §7, subject to legal, tax, and accounting retention obligations (including but not limited to a seven-year retention period for billing and tax records required by US law).

Certification of deletion is available upon request where operationally feasible and not contradicted by applicable legal retention obligations.

INTERNATIONAL TRANSFERS

Cross-border data.

Personal Data may be transferred to and processed in the United States. For EU data subjects, such transfers are governed by Standard Contractual Clauses (SCCs) as adopted by the European Commission.

CONTACT

Request a signed copy.

For questions about this DPA, to exercise data subject rights, or to request a signed copy, contact us at any of the addresses below.

Nuko Nova Dynamics LLC (doing business as Miami Web AI)

66 W Flagler Street, Suite 900, Miami, FL 33130

Legal: legal@miamiweb.ai

Privacy: privacy@miamiweb.ai

Data Protection Officer: dpo@miamiweb.ai

Privacy Policy Terms of Service Security