Data Processing Addendum

Last updated: July 2026

This Data Processing Addendum ("DPA") forms part of the Terms between Seencite ("Processor", "we") and the customer ("Controller", "you") and governs our processing of personal data on your behalf in connection with Seencite (the "Service"). Where the GDPR, UK GDPR, or CCPA/CPRA applies, this DPA reflects the parties' agreement on data protection. A countersigned copy is available on request at hello@seencite.com.

1. Roles

You are the Controller (or processor acting for your own customers) of the personal data contained in the sites and content you instruct us to crawl and analyze. We act solely as your Processor and process that data only on your documented instructions, including as set out in the Service and this DPA.

2. Subject matter & nature of processing

3. Our obligations

4. Sub-processors

You authorize us to engage sub-processors to provide the Service. Current sub-processors include Cloudflare (hosting, database, storage, and edge compute), Stripe (billing), our transactional-email provider, and the AI engine/API providers we query on your instruction (e.g. Anthropic, OpenAI, Perplexity, Google). We impose data-protection terms on each sub-processor no less protective than this DPA, and will give notice of intended changes so you can object. A current list is available at hello@seencite.com.

5. International transfers

Where processing involves transfers of personal data out of the EEA, UK, or Switzerland, such transfers are governed by an appropriate transfer mechanism (e.g. the EU Standard Contractual Clauses and the UK Addendum), which are incorporated into this DPA by reference where applicable.

6. Security

We maintain measures including encryption in transit, access controls and least-privilege, tenant isolation (every record is scoped to your organization), hashed credentials, secrets management, and audit logging of privileged actions. Details are summarized on our Methodology and Privacy pages.

7. Data-subject requests

Taking into account the nature of the processing, we will assist you by appropriate technical and organizational measures, insofar as possible, to respond to requests to exercise data-subject rights. You can export or delete project and account data from within the Service or by contacting us.

8. Deletion & return

On termination, we delete or return personal data processed on your behalf within a commercially reasonable period, except where retention is required by law. Crawled page content and derived analysis are deleted with the associated project.

9. Liability & precedence

This DPA is subject to the limitations of liability in the Terms. If there is a conflict between this DPA and the Terms on data protection, this DPA prevails. This is a good-faith summary DPA; have your counsel review it before relying on it for a regulated workload.

10. Contact

Data-protection questions or to request a signed copy: hello@seencite.com.