BackStudios.mlStudios.ml
Sign inGet Started
Privacy PolicyTerms of ServiceCookie PolicyGDPR CompliancePIPL ComplianceCCPA NoticeData Processing AgreementAcceptable Use PolicySecurity

Last updated: January 15, 2025

Data Processing Agreement

This Data Processing Agreement ("DPA") forms part of the agreement between Studios.ml, Inc. ("Processor") and the customer ("Controller") for the provision of SEO automation services.

1. Definitions

  • "Personal Data" means any information relating to an identified or identifiable natural person.
  • "Processing" means any operation performed on Personal Data.
  • "Sub-processor" means any third party engaged by the Processor to process Personal Data.
  • "Data Subject" means the individual to whom Personal Data relates.

2. Scope and Purpose

This DPA applies to the processing of Personal Data by the Processor on behalf of the Controller in connection with the Services. The Processor shall process Personal Data only for the purposes described in this DPA and as instructed by the Controller.

3. Processing Details

Subject Matter: SEO automation and analytics services

Duration: For the term of the service agreement plus data retention period

Nature and Purpose: Website analysis, keyword tracking, content management, and reporting

Types of Personal Data: Names, email addresses, IP addresses, usage data, customer business data

Categories of Data Subjects: Controller's employees, clients, and end users

4. Processor Obligations

The Processor shall:

  • Process Personal Data only on documented instructions from the Controller
  • Ensure personnel are bound by confidentiality obligations
  • Implement appropriate technical and organizational security measures
  • Engage Sub-processors only with Controller's authorization
  • Assist the Controller in responding to Data Subject requests
  • Assist with Data Protection Impact Assessments when required
  • Delete or return Personal Data upon termination
  • Make available information to demonstrate compliance

5. Security Measures

The Processor implements the following security measures:

  • Encryption of data in transit (TLS 1.3) and at rest (AES-256)
  • Access controls and authentication mechanisms
  • Regular security assessments and penetration testing
  • Incident detection and response procedures
  • Business continuity and disaster recovery plans
  • Employee security training

6. Sub-processors

The Controller authorizes the Processor to engage Sub-processors listed on our GDPR compliance page. The Processor will notify the Controller of any changes to Sub-processors and allow reasonable time to object.

7. International Transfers

For transfers outside the EEA, the Processor ensures adequate protection through Standard Contractual Clauses (SCCs) approved by the European Commission, supplemented by additional technical and organizational measures where necessary.

8. Data Subject Rights

The Processor will assist the Controller in fulfilling its obligations to respond to Data Subject requests, including requests for access, rectification, erasure, restriction, portability, and objection.

9. Data Breach Notification

The Processor will notify the Controller of any Personal Data breach without undue delay after becoming aware of it, and in any case within 48 hours. The notification will include the nature of the breach, categories of data affected, and measures taken or proposed.

10. Audits

The Processor will make available all information necessary to demonstrate compliance with this DPA and allow for audits by the Controller or an authorized auditor, subject to reasonable notice and confidentiality requirements.

How to Execute This DPA

To execute this DPA, please contact us at legal@studios.ml with your company details. We will provide a countersigned copy for your records.