CreatorScriptAI
Sign in Get Started

Data Processing Addendum

This Data Processing Addendum (DPA) governs the processing of personal data by CreatorScript AI on behalf of enterprise customers in compliance with applicable data protection laws.

Effective Date: January 15, 2025 | Version 1.0

1. Parties and Definitions

1.1 Parties

This Data Processing Addendum ("DPA") is entered into between:

  • Data Controller: The customer organization subscribing to CreatorScript AI services
  • Data Processor: Quadbit LLC, doing business as CreatorScript AI

1.2 Definitions

"Personal Data" means any information relating to an identified or identifiable natural person processed through the Services.

"Processing" means any operation performed on Personal Data, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, or destruction.

"Services" means the CreatorScript AI platform and related services provided under the applicable service agreement.

2. Scope and Nature of Processing

2.1 Subject Matter

CreatorScript AI processes Personal Data to provide AI-powered content creation services, including content analysis, transcription, and personalized content generation.

2.2 Categories of Data Subjects

  • Customer employees and authorized users
  • Individuals featured in uploaded content (with appropriate consent)
  • Customer contacts and support personnel

2.3 Types of Personal Data

  • Contact information (names, email addresses)
  • Account and authentication data
  • Content data (audio, video, transcriptions)
  • Usage and analytics data
  • Billing and payment information

3. Data Processor Obligations

3.1 Processing Instructions

CreatorScript AI will process Personal Data only on documented instructions from the Customer, including with regard to transfers of Personal Data to third countries or international organizations, unless required to do so by applicable law.

3.2 Confidentiality

CreatorScript AI ensures that persons authorized to process Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

3.3 Security Measures

CreatorScript AI implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of Personal Data in transit and at rest
  • Regular security assessments and penetration testing
  • Access controls and authentication mechanisms
  • Employee security training and background checks
  • Incident response and breach notification procedures

4. Subprocessors

Customer provides general authorization for CreatorScript AI to engage subprocessors. A current list of subprocessors is available at creatorscript.app/subprocessors.

CreatorScript AI will:

  • Provide 30 days' notice of new subprocessors to enterprise customers
  • Ensure all subprocessors are bound by data protection obligations equivalent to this DPA
  • Remain fully liable for subprocessor performance

5. Data Subject Rights

CreatorScript AI will assist the Customer in fulfilling data subject rights requests, including:

  • Access to Personal Data
  • Rectification of inaccurate data
  • Erasure of Personal Data
  • Restriction of processing
  • Data portability
  • Objection to processing

6. Data Breach Notification

CreatorScript AI will notify the Customer without undue delay (and in any case within 72 hours) after becoming aware of a Personal Data breach affecting Customer data. The notification will include:

  • Description of the nature of the breach
  • Categories and approximate number of data subjects affected
  • Likely consequences of the breach
  • Measures taken or proposed to address the breach

7. International Data Transfers

Any transfer of Personal Data to third countries will be subject to appropriate safeguards, including:

  • European Commission adequacy decisions
  • Standard Contractual Clauses (SCCs)
  • Binding Corporate Rules where applicable
  • Certification mechanisms approved by supervisory authorities

8. Audit and Compliance

CreatorScript AI will make available to the Customer information necessary to demonstrate compliance with this DPA and allow for and contribute to audits conducted by the Customer or an auditor mandated by the Customer.

Audit requests must be made with reasonable advance notice and conducted during normal business hours in a manner that does not unreasonably interfere with CreatorScript AI's operations.

9. Term and Termination

This DPA remains in effect for the duration of the service agreement. Upon termination:

  • CreatorScript AI will delete or return all Personal Data within 30 days
  • Account data will be retained for 90 days for potential account recovery
  • Backup copies may be retained for up to 180 days for disaster recovery purposes
  • Data required to be retained by law will be securely stored until legally permissible to delete

10. Governing Law

This DPA is governed by the laws of the State of Texas, United States, without regard to conflict of law principles. For customers subject to GDPR, the DPA will be interpreted in accordance with GDPR requirements.

Accept Data Processing Addendum

By completing this form, you are accepting the Data Processing Addendum on behalf of your organization. This creates a legally binding agreement between your organization and CreatorScript AI.

Need help or have questions? Contact our legal team at legal@creatorscript.app

Back to Privacy Policy