Data Processing Agreement (DPA)
For customers subject to the General Data Protection Regulation (GDPR), UK GDPR, or the California Consumer Privacy Act (CCPA).
This Data Processing Agreement ("DPA") forms part of the Terms of Service between ScribeSEO AI ("Data Processor") and the Customer ("Data Controller").
1. Scope and Applicability
This DPA applies when ScribeSEO AI processes personal data on behalf of the Customer in the course of providing the ScribeSEO AI application and services.
2. Processing of Personal Data
Nature and Purpose: ScribeSEO AI processes data solely to provide SEO optimization, content generation, and analytics services as described in the Terms of Service.
Categories of Data: Customer contact details, e-commerce product data, store analytics, and limited end-user interaction data.
3. Security Measures
We implement industry-standard security measures, including:
- Encryption of data in transit (TLS 1.3) and at rest (AES-256).
- Role-based access controls and least privilege principles.
- Regular security audits and vulnerability scanning.
4. Subprocessors
The Customer grants general authorization for ScribeSEO AI to use Subprocessors. Our current authorized Subprocessors include:
- OpenAI: AI Model API processing (Data processing agreement in place, zero data retention for training).
- Supabase / AWS: Cloud infrastructure and database hosting (US-East/EU-Central depending on residency).
- Shopify: E-commerce platform integration.
5. International Data Transfers
Transfers of personal data originating from the EEA, UK, or Switzerland to countries not recognized as providing an adequate level of protection are governed by Standard Contractual Clauses (SCCs).
Need to execute a custom DPA?
Enterprise customers can execute a countersigned version of this agreement.
Contact our Privacy Team