Data Processing Agreement

Last updated: June 2026

This page summarises the terms on which Mnemia processes personal data on behalf of the coaches who use it. It is designed to align with Article 28 GDPR and the Swiss FADP. A signed, full-text agreement is available for coaches who need one — email privacy@mnemia.ch.

Roles

For client (coachee) session data, the coach is the controller and Mnemia is the processor, acting only on the coach’s documented instructions. For account and billing data, Mnemia is the controller. This agreement covers the processor relationship.

Subject matter & duration

Mnemia processes the controller’s data to provide the service for as long as the account is active, and until deletion or return on termination as described below.

Nature & purpose

Capturing coaching sessions and producing transcripts, summaries, insights, and homework, and making them available to the coach and (where the coach approves) their client.

Types of data & data subjects

Identities (names, emails) and session content, which may include special-category data, relating to coaches and their clients (coachees).

Sub-processors

Mnemia engages the providers listed on our Sub-processors page, each under a data-processing agreement. We give notice of changes so the controller may object.

Security measures

• Session content encrypted at rest (AES-256-GCM) with per-coach keys.
• Audio is never stored — transcribed in memory and discarded.
• Access restricted by role; clients see only what their coach approves.
• Data stored in Switzerland; AI processing in Switzerland and the EU.

Assistance to the controller

Mnemia helps the controller respond to data-subject requests (access, correction, erasure, portability) and to meet its security, breach-notification, and impact-assessment obligations, taking into account the nature of the processing.

Personal-data breaches

Mnemia notifies the controller without undue delay after becoming aware of a personal-data breach affecting the controller’s data.

Deletion & return

On termination, the controller may export or request deletion of its data. On a client’s erasure request, the client’s identity and access are removed; a de-identified record may be retained by the coach under their own legal basis, as described in the Privacy Policy.

International transfers

Where a sub-processor processes data outside Switzerland or the EEA, transfers are protected by appropriate safeguards such as the European Commission’s Standard Contractual Clauses.

Audit

Mnemia makes available the information needed to demonstrate compliance with these obligations and supports reasonable audits on request.

This page is a working draft and does not constitute legal advice. It should be reviewed by qualified counsel and executed as a full agreement before launch.