MeetBlast

Legal

Data Processing Addendum

How MeetBlast processes personal data on behalf of business customers.

Last updated: May 2, 2026

This document is a draft and may be updated before public launch. It is not legal advice.

Status

This DPA is a placeholder draft. A signed DPA will be available before any team plan launches. If you need a DPA today for a procurement review, contact legal@meetblast.net and we will share a current draft under NDA.

Subject and roles

Where MeetBlast processes personal data on behalf of a customer (the "Controller"), MeetBlast acts as Processor. The Controller determines the purposes and means of processing; MeetBlast carries out the processing in accordance with documented instructions.

Categories of data

  • Identification: name, email, avatar.
  • Calendar metadata: event time, title, conference URL, attendee names and emails.
  • Usage telemetry: aggregate counters (alerted, joined, snoozed, app opens).

Data subjects

Employees, contractors, and meeting participants of the Controller.

Sub-processors

MeetBlast uses the following sub-processors to deliver the service:

  • Supabase — managed PostgreSQL and authentication.
  • Vercel — site hosting and edge functions.
  • GitHub — release distribution.
  • Google — calendar provider used at the Controller's direction.

Security measures

All data is encrypted in transit using TLS 1.2 or higher. Data at rest in Supabase is encrypted using provider-managed keys. Row-level security restricts each row to the user it belongs to. Access to production systems is limited to named operators with multi-factor authentication.

Data subject rights

MeetBlast assists the Controller in responding to data subject requests for access, correction, deletion, restriction, and portability within the timelines required by applicable law.

Incident notification

MeetBlast will notify the Controller without undue delay after becoming aware of a personal data breach affecting the Controller's data, and provide reasonable assistance with investigation, mitigation, and notification.

Return or deletion

On termination of the underlying agreement, MeetBlast will delete or return all personal data processed on behalf of the Controller, except to the extent retention is required by law.

Contact

DPA inquiries and signed copies: legal@meetblast.net.