Data Processing Agreement

Data Processing Agreement (DPA)

Last updated: April 17, 2026

1. Introduction

This Data Processing Agreement ("DPA") forms part of the Terms of Service between you ("Customer") and SaasAppify LLC, a Delaware limited liability company, operating the Cliprise service under the trade name "Cliprise," with a business address at 1111B S Governors Ave STE 28338, Dover, DE 19904, United States ("Processor"). This DPA governs the processing of personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR).

2. Definitions

  • "Personal Data" means any information relating to an identified or identifiable natural person.
  • "Processing" means any operation performed on personal data.
  • "Data Subject" means an identified or identifiable natural person.
  • "Controller" means the Customer who determines the purposes and means of processing.
  • "Processor" means SaasAppify LLC, a Delaware limited liability company, with a business address at 1111B S Governors Ave STE 28338, Dover, DE 19904, United States, which operates the Cliprise service and processes personal data on behalf of the Controller.

3. Scope and Roles

3.1 Controller and Processor

Customer acts as the Controller and Processor acts as the processor of personal data on behalf of the Controller with respect to personal data processed through the Cliprise service.

3.2 Nature and Purpose

  • Nature: Providing AI-powered creative generation services
  • Purpose: To enable Customer to create visual content using AI tools
  • Duration: For the term of the service agreement
  • Types of Data: User account information, generated content, usage data
  • Data Subjects: Customer's end users and employees

4. Processor Obligations

Processor shall:

  • Process personal data only on documented instructions from Customer
  • Ensure personnel authorized to process personal data are bound by confidentiality
  • Implement appropriate technical and organizational security measures
  • Engage sub-processors only in accordance with Section 6 (Sub-Processors)
  • Assist Customer in responding to data subject requests
  • Assist Customer in ensuring compliance with data protection obligations
  • Delete or return all personal data after termination of services
  • Make available information necessary to demonstrate compliance

5. Security Measures

Processor implements appropriate technical and organizational measures including:

  • Encryption of data in transit and at rest
  • Regular security assessments and penetration testing
  • Access controls and authentication mechanisms
  • Incident response and breach notification procedures
  • Regular backups and disaster recovery planning
  • Employee training on data protection

6. Sub-Processors

6.1 Authorization

Customer grants general authorization for Processor to engage sub-processors. Processor maintains and updates a current list of sub-processors and will make it available to Customer upon request.

6.2 Sub-Processor Requirements

Processor ensures sub-processors are bound by data protection obligations no less protective than those in this DPA.

6.3 Changes to Sub-Processors

Processor will notify Customer of any intended changes to sub-processors, giving Customer the opportunity to object.

7. Data Subject Rights

Processor will assist Customer in fulfilling data subject requests, including:

  • Access to personal data
  • Rectification of inaccurate data
  • Erasure ("right to be forgotten")
  • Restriction of processing
  • Data portability
  • Objection to processing

8. Data Breach Notification

Processor will notify Customer without undue delay upon becoming aware of a personal data breach affecting Customer data, providing:

  • Description of the nature of the breach
  • Categories and approximate number of affected data subjects
  • Likely consequences of the breach
  • Measures taken or proposed to address the breach

9. Data Transfers

Personal data may be transferred to countries outside the EEA. Processor ensures appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions
  • Other legally approved transfer mechanisms

10. Audits and Compliance

Customer may audit Processor's compliance with this DPA once per year, subject to:

  • 30 days prior written notice
  • Reasonable business hours
  • Confidentiality obligations
  • Reimbursement of Processor's reasonable costs

11. Data Deletion

Upon termination of services, Processor will delete or return all personal data unless retention is required by law. Customer may request deletion at any time during the service period.

12. Liability and Indemnification

Each party's liability under this DPA is subject to the limitations of liability in the main service agreement.

13. Term and Termination

This DPA remains in effect for the duration of the service agreement and survives termination with respect to obligations related to data deletion and security.

14. Governing Law

This DPA is governed by the laws applicable to the main service agreement.

15. Contact

For DPA-related questions, contact Processor at:

SaasAppify LLC
A Delaware limited liability company · Operator of the Cliprise service
1111B S Governors Ave STE 28338
Dover, DE 19904
United States

DPA / privacy: dpo@cliprise.app
Legal: legal@cliprise.app
General (entity): info@saasappify.com

Featured on Super Launch