MeetBlast

Legal

Data Processing Addendum

Terms governing MeetBlast's processing of personal data on behalf of business customers.

Last updated: May 5, 2026

Status

This DPA is live and self-executing for any customer who accepts the Terms of Service. No separate signature is required. If you need a countersigned copy for a procurement review, email legal@meetblast.net.

Roles

Where MeetBlast processes personal data on a customer's behalf, the customer is the Controller and MeetBlast is the Processor. The Controller determines the purpose and means of processing. MeetBlast acts only on the Controller's documented instructions.

Categories of data

  • Identification: name, email address, avatar.
  • Calendar metadata: event time, title, conference URL, and attendee names and email addresses.
  • Usage telemetry: aggregate counters — meetings alerted, joined, snoozed, and app opens.

Data subjects

Employees, contractors, and meeting participants of the Controller organization.

Sub-processors

MeetBlast uses these sub-processors to deliver the service:

  • Supabase — managed PostgreSQL database and authentication.
  • Vercel — site hosting and edge infrastructure.
  • GitHub — release distribution for app binaries.
  • Google — calendar data provider, used at the Controller's direction.

Security

All data travels over TLS 1.2 or higher. Data at rest in Supabase is encrypted using provider-managed keys. Row-level security in the database restricts each row to the user it belongs to. Production access requires MFA and is limited to named personnel.

Data subject rights

MeetBlast assists the Controller in responding to access, correction, deletion, restriction, and portability requests within the timelines set by applicable law.

Incident notification

We notify the Controller within 72 hours of confirming a personal data breach that affects their data. The notification includes the nature of the breach, categories of data affected, and steps taken or planned. We provide reasonable assistance with investigation and required regulatory notifications.

Data retention

On termination of the underlying agreement, MeetBlast deletes all personal data processed on the Controller's behalf within 30 days — unless law requires us to hold it longer. We'll confirm deletion in writing on request.

Contact

DPA inquiries and signed copies: legal@meetblast.net.