Skip to main content

Data Processing Agreement

Last updated: January 2026

This Agreement complies with Egyptian Law No. 151 of 2020 on the Protection of Personal Data and its executive regulations.

Introduction

This Data Processing Agreement ("Agreement") sets out the terms under which Matjark ("Processor") processes personal data on behalf of the store owner ("Controller") under Egyptian Law No. 151 of 2020.

Roles and Responsibilities

Store Owner

The store owner is the Data Controller — they determine the purpose and means of processing.

Matjark

Matjark is the Data Processor — we process data only on the Controller's instructions.

Definitions

  • Personal Data: any information relating to an identified or identifiable natural person.
  • Processing: any operation performed on personal data, including collection, storage, use, and deletion.
  • Data Subject: the natural person to whom the personal data relates (e.g., a customer).

Scope of Processing

We process the following personal data on your behalf:

  • Customer names
  • Customer email addresses
  • Customer phone numbers
  • Delivery and shipping addresses
  • Order and purchase data
  • Payment information (we do not store raw card data)

Purposes of Processing

  • Order fulfillment and sales management
  • Analytics and business reporting for the store owner
  • Providing technical support and customer service
  • Sending order notifications to customers

Security Measures

  • Data encryption in transit (TLS 1.3) and at rest (AES-256)
  • Role-based access controls — only authorized staff can access data
  • Daily encrypted backups
  • Regular security audits and vulnerability management
  • Full row-level isolation of each store's data in the database

Sub-processors

We use the following third-party services to deliver our service:

Service Purpose
Cloudflare Cloudflare — Content Delivery Network (CDN) and DNS protection
Resend Resend — Email delivery
Sentry Sentry — Error tracking and technical issue monitoring (anonymized data)
Hetzner Hetzner — Server hosting in Germany (with backups in Egypt)

Data Breach Notification

In the event of a personal data breach, we commit to:

  • Notifying you as the store owner within 72 hours of discovery, as required by Egyptian Law 151/2020
  • Providing details of the breach — its nature, affected data, and actions taken
  • Cooperating with you in reporting to the competent Egyptian supervisory authority when required

Data Subject Rights

We assist you in fulfilling data subject requests under Law 151/2020, including:

  • Access requests
  • Rectification requests
  • Erasure requests (right to be forgotten)
  • Data portability requests
  • Objection to processing requests

Data Retention

  • Active data: retained for the duration of the active subscription
  • After service termination: retained for 90 days then permanently deleted
  • Invoice and transaction data: 5 years as required by Egyptian tax law

Termination and Data Deletion

Upon account closure or subscription expiry:

  • You may export all your data within 30 days of termination
  • After 90 days, data is permanently deleted from all systems
  • Backups are deleted within the next backup cycle (maximum 30 days)

Contact Us

For any inquiries about this Data Processing Agreement or data requests:

Email: [email protected]

WhatsApp:

Search

ESC to close