Data Processing Addendum (Light)

1. Scope and Applicability

This DPA applies to processing of Customer Personal Data by VidifyAI Studio when providing Services. It governs data protection obligations to the extent required by applicable law.

2. Roles of the Parties

Customer acts as Controller. VidifyAI Studio acts as Processor.

Where Customer acts as Processor for another controller, Customer confirms it has authority to appoint VidifyAI Studio as sub-processor.

3. Processing Details

Subject matter: AI video SaaS delivery, support, and security operations.

Nature and purpose: hosting, rendering, generation, analytics, troubleshooting, and abuse prevention.

Data categories: account data, usage data, and Customer Content containing personal data.

Data subjects: Customer personnel, account users, and end users as defined by Customer.

4. Processing Instructions

VidifyAI Studio will process personal data only on documented Customer instructions, including instructions communicated via service configuration and product settings.

5. Confidentiality and Personnel Access

VidifyAI Studio restricts access to personal data to personnel and contractors with a business need, subject to confidentiality obligations and appropriate training.

6. Security Measures

VidifyAI Studio applies appropriate technical and organizational controls designed to protect personal data against unauthorized access, loss, alteration, and disclosure.

Security controls are risk-based and may include encryption in transit, access controls, logging, monitoring, and incident response processes.

7. Subprocessors

Customer authorizes subprocessors reasonably required for service delivery, including Polar, Microsoft Azure, and analytics/observability providers.

VidifyAI Studio will impose data protection obligations on subprocessors that are no less protective than those set out in this DPA.

8. International Transfers

Where personal data is transferred across borders, VidifyAI Studio applies legally recognized transfer mechanisms and safeguards required by applicable data protection laws.

9. Data Subject Rights Assistance

Considering the nature of processing, VidifyAI Studio provides reasonable assistance for Customer to respond to data subject rights requests, where legally required and technically feasible.

10. Security Incident Notification

VidifyAI Studio will notify Customer without undue delay after confirming a personal data breach affecting Customer Personal Data, and provide available details for remediation and legal assessment.

11. Deletion and Return of Data

Upon termination or expiry of Services, VidifyAI Studio will delete or return Customer Personal Data as instructed by Customer, subject to legal retention obligations and security backup cycles.

12. Audits and Compliance Information

VidifyAI Studio will provide reasonable information to demonstrate compliance with this DPA, subject to confidentiality, proportionality, and security limitations.

13. Liability and Priority

Liability under this DPA is governed by the Terms of Service unless mandatory law states otherwise. If this DPA conflicts with the Terms on data protection matters, this DPA controls for those matters.

14. Contact

Data protection and privacy inquiries: [email protected]