Who is Momentite for?

Teams who ship client work. Agencies, consultancies, dev shops, freelancers, product teams. If you manage projects and collaborate with clients, Momentite is for you.

Can clients mess things up?

No. Clients have read-only access to projects (except for chat, where they can message). They can see progress without breaking anything.

Is there a free plan?

No, but you get 14 days free to try everything. We believe in sustainable businesses and fair pricing.

What if I need more than 10GB?

Add storage anytime for $10 per 10GB (one-time fee). Most teams never need it.

Momentite - Simple Project Management for Agencies

This Data Processing Agreement ("DPA") is automatically incorporated into the Terms of Service between Usta Studio LLC ("Momentite", "we", "us") and you (the "Customer") when you use Momentite to process personal data.

1. Definitions

Personal Data: Any information relating to an identified or identifiable person
Controller: You, the Customer, who determines why and how personal data is processed
Processor: Momentite, who processes personal data on your behalf
Data Subject: The individuals whose personal data is processed (your clients, team members)
Sub-processor: Third-party services we use to help provide Momentite

2. Scope and Roles

Your role: You are the Controller of personal data you upload to Momentite
Our role: We are the Processor, handling data only according to your instructions
What this covers: All personal data processed through your use of Momentite

3. Our Processing Obligations

We will:

Only process personal data based on your instructions (via your use of Momentite features)
Ensure our team is bound by confidentiality agreements
Implement appropriate technical and organizational security measures
Assist you with data subject requests (export, deletion, access)
Delete or return all personal data when you close your account
Maintain records of processing activities
Notify you of any data breaches within 72 hours

We will NOT:

Sell or share personal data with third parties (except sub-processors listed below)
Use personal data for our own purposes
Process personal data outside the scope of providing Momentite
Transfer data outside our stated locations without informing you

4. Your Obligations

You must:

Have a legal basis for collecting and processing personal data
Comply with all applicable data protection laws
Inform data subjects about the processing (via your privacy policy)
Ensure you have necessary consents where required
Provide clear instructions for any specific processing needs

5. Security Measures

Technical measures:

Encryption in transit (SSL/TLS)
Encrypted passwords (bcrypt)
Regular security updates and patches
Firewalls and intrusion detection
Regular automated backups

Organizational measures:

Access controls (only essential personnel)
Confidentiality training for team members
Incident response procedures
Regular security reviews

6. Sub-processors

We use these carefully selected sub-processors to help provide Momentite:

Sub-processor	Purpose	Location
Hetzner	Infrastructure hosting	Germany (EU)
Hetzner Object Storage	File storage	Germany (EU)
Stripe	Payment processing	USA
Resend	Transactional emails	USA
Nightwatch	Uptime monitoring	EU

Changes to sub-processors:

We'll notify you of any new sub-processors via email or in-app notification
You have 30 days to object to new sub-processors
If you object, we'll work together to find a solution or you can terminate your account

7. International Transfers

Primary processing: All data processing happens in the EU (Germany)
Limited transfers: Only for payment processing (Stripe) and email delivery (Resend)
Safeguards: We ensure all transfers comply with GDPR through:
- EU-US Data Privacy Framework (where applicable)
- Standard Contractual Clauses
- Your explicit consent via these terms

8. Data Subject Rights

We'll help you respond to:

Access requests (download data)
Correction requests (edit data)
Deletion requests (delete data)
Portability requests (export data)
Restriction/objection requests

How we help:

Email [email protected] with your request
We'll respond within 48 hours
We'll complete requests within 30 days (or inform you if more time is needed)
No additional charges for standard requests

9. Data Breaches

If a breach occurs:

We'll notify you within a reasonable timeframe
We'll provide general information about what happened
We'll take steps to fix the issue

Your responsibility:

You are solely responsible for:

Notifying data subjects
Reporting to authorities
Any legal requirements in your jurisdiction
Any consequences of the breach

10. Audits and Compliance

Information requests: We'll provide reasonable information about our security practices via email
Questionnaires: We may respond to brief security questionnaires at our discretion
No on-site audits: We don't permit on-site audits or inspections
Our practices: We maintain commercially reasonable security practices but make no specific compliance certifications

11. Liability and Indemnification

Our liability: Our total liability under this DPA is limited to the amount you paid us in the last month before the incident. We are not liable for any indirect, consequential, or special damages.

Your responsibility: You are solely responsible for:

Your compliance with data protection laws
Getting proper consents from data subjects
Any regulatory fines or penalties you incur
How you use and configure Momentite

No warranties: We provide Momentite "as is" and make no warranties about compliance with any specific regulations

Force majeure: We're not liable for issues beyond our reasonable control

12. Term and Termination

Duration: This DPA remains in effect as long as you use Momentite
After termination: We'll delete your data within 30 days (unless legally required to keep it)
Survival: Confidentiality obligations survive termination

13. Data Return and Deletion

When you close your account:

Contact [email protected] to export your data before closure
After 30 days, we delete everything permanently
Backups may persist up to 90 days (then auto-deleted)
We'll provide confirmation of deletion upon request

14. Governing Law

This DPA is governed by the same law as our Terms of Service (Wyoming, USA), except where GDPR requirements take precedence for EU data processing.

15. Order of Precedence

If there's a conflict:

GDPR requirements prevail
Then this DPA
Then the Privacy Policy
Then the Terms of Service

16. Contact

For DPA questions or data requests:
[email protected]

For urgent security matters:
[email protected] (mark as "URGENT: Security")

By using Momentite, you accept this Data Processing Agreement.

This DPA is designed to clarify roles and responsibilities. You acknowledge that:

You are responsible for your own legal compliance
We provide tools, but you must ensure they meet your specific needs
If you need specific compliance guarantees, Momentite may not be suitable for you

Data Processing Agreement (DPA)