Last Updated: June 14, 2026
This page summarizes Gammal Software, Inc.'s position as a processor of personal data on behalf of business customers ("Controllers") and provides our standard Data Processing Addendum (DPA) for execution under the EU GDPR, the UK GDPR, Quebec Law 25, and Canadian PIPEDA.
MetaDock is primarily a desktop product where the user's browsing data, workspaces, and profiles are stored locallyon the user's device. We typically do not process personal dataabout end users of your application through MetaDock itself. The DPA below applies when:
To execute our standard DPA, email [email protected] with subject line "DPA Request" and include:
We will return a counter-signed DPA within 5 business days. Our standard DPA incorporates the European Commission Standard Contractual Clauses (Decision 2021/914), the UK International Data Transfer Addendum, and Quebec Law 25 cross-border transfer requirements where applicable.
We engage the following subprocessors. Where personal data of EU/UK/Quebec residents is transferred outside the customer's jurisdiction, the transfer is governed by Standard Contractual Clauses or an equivalent transfer mechanism.
| Subprocessor | Purpose | Location |
|---|---|---|
| Stripe, Inc. | Subscription payment processing | United States & global |
| Mailjet | Transactional and marketing email (subscription receipts, license keys, optional newsletter) | France / European Union |
| Microsoft Clarity | Website analytics: session replays, heatmaps, click maps on metadock.app (loaded only after analytics-cookie consent) | United States, with global Microsoft infrastructure |
| Microsoft (WebView2 runtime) | Browser engine inside the MetaDock desktop application; sends standard Edge diagnostics directly to Microsoft | Global Microsoft infrastructure |
| Sentry (Functional Software, Inc.) | Application crash and error diagnostics (stack traces, application version, OS, hashed hardware ID); retained ~90 days | United States |
We will provide written notice before adding or replacing any subprocessor that processes personal data of customers covered by an executed DPA, giving you a reasonable opportunity to object.
Security measures are described in our Privacy Policy — Data Security section. We will reasonably cooperate with Controller audits required by GDPR Art. 28(3)(h) or equivalent, subject to confidentiality, scoping, and frequency limits set out in the DPA.
Personal data transferred from the EEA, UK, or Switzerland to Gammal Software in Canada is covered by the European Commission's adequacy decision for Canadian commercial organizations under PIPEDA. That adequacy decision applies only to organizations and processing subject to PIPEDA and remains under periodic review by the European Commission; where an EEA, UK, or Swiss customer requires it, we will enter into Standard Contractual Clauses (or the applicable transfer mechanism) as a supplementary measure. Transfers to subprocessors located in the United States or globally are governed by the EU Standard Contractual Clauses (2021/914), the UK International Data Transfer Addendum, the Swiss DPA equivalence mechanism, or the EU–U.S. Data Privacy Framework where the subprocessor is certified.
For transfers of personal data of Quebec residents outside Quebec, we conduct a privacy impact assessment as required by Law 25 s. 17 and select subprocessors that maintain adequate protection.
Privacy Officer
Gammal Software, Inc.
303D-2967 Dundas Street West
Toronto, Ontario M6P 1Z2, Canada
[email protected] / [email protected]