Data Processing Agreement (DPA)
Last updated: October 9, 2025
1. Introduction
This Data Processing Agreement ("DPA") forms part of the Terms of Service between you ("Customer") and Cliprise ("Processor") and governs the processing of personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR).
2. Definitions
- "Personal Data" means any information relating to an identified or identifiable natural person.
- "Processing" means any operation performed on personal data.
- "Data Subject" means an identified or identifiable natural person.
- "Controller" means the Customer who determines the purposes and means of processing.
- "Processor" means Cliprise, which processes personal data on behalf of the Controller.
3. Scope and Roles
3.1 Controller and Processor
Customer acts as the Controller and Cliprise acts as the Processor with respect to personal data processed through the services.
3.2 Nature and Purpose
- Nature: Providing AI-powered creative generation services
- Purpose: To enable Customer to create visual content using AI tools
- Duration: For the term of the service agreement
- Types of Data: User account information, generated content, usage data
- Data Subjects: Customer's end users and employees
4. Processor Obligations
Cliprise shall:
- Process personal data only on documented instructions from Customer
- Ensure personnel authorized to process personal data are bound by confidentiality
- Implement appropriate technical and organizational security measures
- Engage sub-processors only with prior written consent from Customer
- Assist Customer in responding to data subject requests
- Assist Customer in ensuring compliance with data protection obligations
- Delete or return all personal data after termination of services
- Make available information necessary to demonstrate compliance
5. Security Measures
Cliprise implements appropriate technical and organizational measures including:
- Encryption of data in transit and at rest
- Regular security assessments and penetration testing
- Access controls and authentication mechanisms
- Incident response and breach notification procedures
- Regular backups and disaster recovery planning
- Employee training on data protection
6. Sub-Processors
6.1 Authorization
Customer grants general authorization for Cliprise to engage sub-processors. Cliprise maintains a list of current sub-processors at [URL].
6.2 Sub-Processor Requirements
Cliprise ensures sub-processors are bound by data protection obligations no less protective than those in this DPA.
6.3 Changes to Sub-Processors
Cliprise will notify Customer of any intended changes to sub-processors, giving Customer the opportunity to object.
7. Data Subject Rights
Cliprise will assist Customer in fulfilling data subject requests, including:
- Access to personal data
- Rectification of inaccurate data
- Erasure ("right to be forgotten")
- Restriction of processing
- Data portability
- Objection to processing
8. Data Breach Notification
Cliprise will notify Customer without undue delay upon becoming aware of a personal data breach affecting Customer data, providing:
- Description of the nature of the breach
- Categories and approximate number of affected data subjects
- Likely consequences of the breach
- Measures taken or proposed to address the breach
9. Data Transfers
Personal data may be transferred to countries outside the EEA. Cliprise ensures appropriate safeguards are in place, including:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions
- Other legally approved transfer mechanisms
10. Audits and Compliance
Customer may audit Cliprise's compliance with this DPA once per year, subject to:
- 30 days' prior written notice
- Reasonable business hours
- Confidentiality obligations
- Reimbursement of Cliprise's reasonable costs
11. Data Deletion
Upon termination of services, Cliprise will delete or return all personal data unless retention is required by law. Customer may request deletion at any time during the service period.
12. Liability and Indemnification
Each party's liability under this DPA is subject to the limitations of liability in the main service agreement.
13. Term and Termination
This DPA remains in effect for the duration of the service agreement and survives termination with respect to obligations related to data deletion and security.
14. Governing Law
This DPA is governed by the laws applicable to the main service agreement.
15. Contact
For DPA-related questions, contact us at:
Email: dpo@cliprise.app