This Data Processing Addendum ("DPA") forms part of the agreement between [SEAMCUT LEGAL ENTITY NAME] ("Seamcut", "Processor") and the customer that has accepted Seamcut's Terms of Service ("Customer", "Controller") for use of the Service ("Agreement"). It applies where Seamcut processes Personal Data on Customer's behalf in connection with the Service.
For Personal Data contained in media and other content Customer uploads to the Service ("Customer Data"), Customer is the Controller and Seamcut is the Processor. This allocation reflects that Customer determines the purposes and means of processing that content. It is not changed by Seamcut providing the underlying infrastructure or AI processing.
Seamcut remains an independent Controller for the limited account, billing, and usage data it processes to operate its business, which is governed by Seamcut's Privacy Policy rather than this DPA.
| Personal Data | Information relating to an identified or identifiable natural person, as defined by Data Protection Law. |
|---|---|
| Processing | Any operation performed on Personal Data, as defined by Data Protection Law. |
| Data Protection Law | The GDPR, the UK GDPR, and other applicable privacy and data protection laws. |
| Sub-processor | A third party engaged by Seamcut to process Customer Data. |
Seamcut will process Customer Data only on documented instructions from Customer, including as set out in the Agreement and this DPA, and as necessary to provide the Service — unless required to do otherwise by law, in which case Seamcut will inform Customer (where legally permitted). Customer's use and configuration of the Service constitute its instructions. The subject matter, duration, nature, purpose, data types, and data subject categories are described in the Annex.
Customer is responsible for the lawfulness of the Customer Data it uploads and for having an appropriate legal basis and any required consents, including from individuals who appear in uploaded media. Customer's instructions to Seamcut must comply with Data Protection Law. Customer must not upload special-category data unless it has ensured an appropriate lawful basis and additional safeguards.
Customer authorises Seamcut to engage Sub-processors to provide the Service. Seamcut will impose data protection obligations on each Sub-processor that are no less protective than those in this DPA, and remains responsible for their performance. Current Sub-processors include:
| Sub-processor | Purpose | Location |
|---|---|---|
| [HOSTING PROVIDER] | Cloud hosting & compute | [REGION] |
| [STORAGE PROVIDER] | Media file storage | [REGION] |
| [TRANSCRIPTION / AI PROVIDER] | Speech-to-text & AI processing | [REGION] |
| [PAYMENT PROCESSOR] | Subscription billing | [REGION] |
| [EMAIL PROVIDER] | Transactional email | [REGION] |
Seamcut will give Customer notice of any intended addition or replacement of a Sub-processor [via email / a subscribable page], giving Customer the opportunity to object on reasonable data protection grounds within [number] days.
Seamcut maintains technical and organisational measures appropriate to the risk, including: encryption of data in transit; access controls and least-privilege access to production systems; logical separation of customer data; secure software-development practices; regular patching; logging and monitoring; and personnel confidentiality and training. A current description of measures is available on request. Seamcut may update measures provided they do not materially reduce protection.
Seamcut will notify Customer without undue delay after becoming aware of a Personal Data Breach affecting Customer Data, and will provide information reasonably available to help Customer meet its own notification obligations. Notification is not an acknowledgement of fault.
Taking into account the nature of the processing, Seamcut will assist Customer by appropriate technical and organisational measures, insofar as possible, to respond to requests from data subjects exercising their rights. If Seamcut receives such a request directly relating to Customer Data, it will, where lawful, direct the individual to Customer rather than responding itself.
Where processing of Customer Data involves a transfer outside the EEA or UK, the parties will rely on an appropriate transfer mechanism, such as the European Commission's Standard Contractual Clauses and/or the UK International Data Transfer Addendum, which are incorporated by reference and completed using the details in the Annex, or transfers to an adequate country.
Seamcut will make available information necessary to demonstrate compliance with this DPA and allow for and contribute to audits, including inspections, conducted by Customer or an auditor it mandates — subject to reasonable notice, confidentiality, frequency limits, and Seamcut's security policies. Seamcut may satisfy audit requests by providing third-party certifications or reports where available.
On termination of the Service, or on Customer's request, Seamcut will delete or return Customer Data and delete existing copies, except where retention is required by law. Routine backups containing Customer Data are deleted on a rolling [BACKUP PERIOD] cycle.
Each party's liability under this DPA is subject to the limitations and exclusions of liability in the Agreement. Nothing in this DPA limits any liability that cannot be limited under Data Protection Law.
| Subject matter | Processing of Customer Data to provide AI video-editing functionality. |
|---|---|
| Duration | For the term of the Agreement and any retention/backup period thereafter. |
| Nature & purpose | Hosting, transcription, analysis, editing, and rendering of uploaded media as directed by Customer. |
| Types of Personal Data | Personal data contained in uploaded video/audio (e.g. images, voices, and any personal data spoken or shown); account contact data of Customer's users. |
| Categories of data subjects | Customer's personnel and account users; individuals appearing or heard in uploaded media. |
| Frequency | Continuous, for the duration of the Service. |
To request a signed copy of this DPA or ask questions, contact [PRIVACY EMAIL].