Data Processing Addendum
Last updated: June 25, 2026
This Data Processing Addendum (DPA) forms part of the MAI Terms of Service and applies to users processing personal data through MAI agents.
1. Roles
For personal data processed through MAI, Enzonic LLC acts as a Data Processor on behalf of the User (Data Controller). The User determines the purpose and means of processing; Enzonic LLC processes data only on the User's documented instructions.
2. Categories of Data
MAI may process the following categories of data:
- Account data (Clerk user ID, email, sign-in metadata)
- Payment data (Stripe customer / subscription IDs; cards never touch our servers)
- Gameplay data (Minecraft username, chat messages, inventory, world position, agent state)
- Voice chat (when enabled, audio is processed in real time and not stored)
- Mod uploads (stored encrypted at rest, run in sandboxed workers)
- Support correspondence (emails to support@enzonic.com)
3. Sub-processors
Enzonic LLC engages the following sub-processors:
- Clerk — authentication and identity
- Stripe — payment processing
- Supabase — database hosting
- OpenAI / Anthropic — LLM inference
- Google Cloud Storage — voice chat media routing
- Cloudflare — CDN and DDoS protection
We notify users of sub-processor changes at least 30 days in advance via email.
4. International Transfers
Data may be processed in the United States, the European Economic Area, and other regions where our sub-processors operate. We rely on Standard Contractual Clauses and equivalent mechanisms for transfers from the EEA.
5. Sub-processor commitments
Each sub-processor is bound by a written agreement that includes:
- Processing only on documented instructions
- Confidentiality obligations for personnel
- Appropriate technical and organizational security measures
- Notification of personal data breaches without undue delay
- Assistance with data subject rights requests
6. Security measures
We employ AES-256 encryption at rest, TLS 1.3 in transit, role-based access controls, audit logging, sandboxed mod execution, and continuous vulnerability scanning. See our Security page for details.
7. Data subject rights
We support data subject access, rectification, erasure, restriction, portability, and objection. Submit requests to privacy@enzonic.com; we respond within 30 days.
8. Breach notification
In the event of a personal data breach, we notify affected users and relevant supervisory authorities within 72 hours of becoming aware.
9. Data retention
- Account data: until account deletion + 30 days
- Gameplay data: while account is active + 90 days
- Voice chat: real-time only, not retained
- Backups: 30 days rolling
10. Contact
Data Protection Officer: dpo@enzonic.com
Enzonic LLC, 2261 Market Street #4818, San Francisco, CA 94114, USA