GDPR Article 30 — Record of personal data processing activities.
| ID | Purpose | Data Categories | Legal Basis | Retention | Recipients |
|---|---|---|---|---|---|
| PA-001 | Service Delivery Core application operations, user account management, and feature access. | Name, Email, Profile picture, Organization membership | Contract (Art. 6(1)(b)) | Until account deletion | Vercel (hosting), Neon (database) |
| PA-002 | Billing & Payments Processing payments, managing subscriptions, generating invoices. | Email, Name, Payment method (via Calmony Pay), Invoice history | Contract (Art. 6(1)(b)) | 7 years (financial records) | Calmony Pay |
| PA-003 | Transactional Email Sending account notifications, team invitations, and system alerts. | Email, Name | Contract (Art. 6(1)(b)) | 30 days (email logs) | Resend |
| PA-004 | Analytics Tracking usage patterns to improve the service. Only with user consent. | Usage events, Page views, Feature interactions | Consent (Art. 6(1)(a)) | 90 days | None |
| PA-005 | Security & Audit Logging state-changing operations for security monitoring and compliance. | User ID, Action, IP address, Timestamp | Legitimate Interest (Art. 6(1)(f)) | 90 days | None |
| PA-006 | Error Monitoring Tracking application errors to maintain service reliability. PII scrubbed before transmission. | Error stack traces (PII scrubbed), Browser/device metadata | Legitimate Interest (Art. 6(1)(f)) | 30 days | Sentry (if configured) |