Data Processing Agreement

1. Parties and Roles

When you use the Service as a business customer and upload or submit personal data for processing, you act as the data controller or processor for that data, and Audialize.com acts as your processor or sub-processor, as applicable.

2. Subject Matter and Duration

The subject matter of processing is the provision of the Audialize Service, including media ingestion, subtitle generation, transcription, translation, export handling, account administration, billing support, and security operations. Processing continues for the duration of the applicable customer relationship unless otherwise required by law.

3. Nature and Purpose of Processing

We process personal data only to provide and support the Service, maintain security, manage accounts and billing, resolve incidents, and comply with applicable law. We do not use customer content or outputs to train AI or machine learning models.

4. Categories of Data and Data Subjects

Depending on your use of the Service, processed data may include:

Data subjects may include your employees, contractors, customers, contributors, interviewees, presenters, or other individuals whose personal data is contained in content you submit.

5. Documented Instructions

We process personal data only on your documented instructions as set out in the applicable service agreement, product configuration, API requests, and other written instructions you provide, except where otherwise required by law.

6. Confidentiality and Security

We ensure that persons authorised to process personal data are bound by confidentiality obligations. We implement appropriate technical and organisational measures, including encryption in transit, access controls, least-privilege access, monitoring, logging, and environment segregation appropriate to the risk presented by the processing.

7. Sub-processors

We may engage sub-processors to provide hosting, storage, authentication, payment, AI processing, communications, and operational support. We impose data protection obligations on sub-processors that are materially consistent with this DPA. A current sub-processor list is available on request.

8. International Transfers

Where personal data is transferred outside the EEA or other restricted jurisdictions, we implement appropriate safeguards such as Standard Contractual Clauses, contractual commitments, and supplementary measures where required.

9. Assistance and Data Subject Requests

Taking into account the nature of the processing, we will provide reasonable assistance to help you respond to data subject requests, security obligations, impact assessments, and regulator inquiries, to the extent required by applicable data protection law.

10. Return or Deletion of Data

Upon termination of the Service or deletion of the account, we delete or return personal data in accordance with our retention periods and legal obligations. Uploaded media is retained for a maximum of 30 days after processing unless deleted earlier or longer retention is required by law.

11. Audit and Information Rights

Upon reasonable written request and subject to confidentiality, security, and proportionality safeguards, we will provide information reasonably necessary to demonstrate compliance with our processor obligations. Any audit rights are subject to mutual agreement on scope, timing, and operational safeguards.

12. Requesting a Signed DPA

If you need a signed controller-processor agreement for your organisation, contact privacy@audialize.com. We can provide a DPA aligned with this policy set and the applicable Audialize service agreement.