Data Processing Agreement
Last updated: February 8, 2026
This Data Processing Agreement ("DPA") forms part of the Terms of Service between Scribbes, Inc. ("Processor" or "Scribbes") and the customer ("Controller" or "you") and governs the processing of Personal Data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR).
For Enterprise Customers: If you require a signed DPA or have specific data processing requirements, please contact us at [email protected]
1. Definitions
"Personal Data" means any information relating to an identified or identifiable natural person that is processed by Scribbes on behalf of the Controller.
"Processing" means any operation performed on Personal Data, including collection, recording, storage, retrieval, use, disclosure, or deletion.
"Data Subject" means the individual to whom Personal Data relates.
"Sub-processor" means any third party engaged by Scribbes to process Personal Data.
2. Scope and Purpose of Processing
Scribbes processes Personal Data on behalf of the Controller for the following purposes:
- Voice-to-text transcription services
- AI-powered content generation
- Text-to-speech conversion
- AI image generation
- Content storage and management
- Service delivery and customer support
3. Data Processing Principles
Scribbes commits to processing Personal Data in accordance with the following principles:
Confidentiality
We ensure that persons authorized to process Personal Data are bound by confidentiality obligations.
Security
We implement appropriate technical and organizational measures to protect Personal Data against unauthorized or unlawful processing and accidental loss, destruction, or damage.
Data Subject Rights
We assist the Controller in responding to requests from Data Subjects exercising their rights under applicable data protection laws.
International Transfers
We ensure that any transfer of Personal Data outside the EEA is subject to appropriate safeguards.
4. Security Measures
Scribbes implements the following security measures:
- Encryption: TLS 1.3 for data in transit, AES-256 for data at rest
- Access Controls: Role-based access control (RBAC) and multi-factor authentication
- Monitoring: Continuous security monitoring and logging
- Incident Response: Documented incident response procedures
- Regular Audits: Security assessments and penetration testing
- Employee Training: Regular security and privacy training for all staff
5. Sub-processors
Scribbes may engage the following sub-processors to assist in providing the Services:
| Sub-processor | Purpose | Location |
|---|---|---|
| Supabase | Database and authentication | USA |
| Deepgram | Voice transcription | USA |
| Groq | AI content generation | USA |
| Vercel | Hosting and infrastructure | USA |
We will notify you of any changes to our sub-processors and provide you with the opportunity to object.
6. Data Breach Notification
In the event of a Personal Data breach, Scribbes will:
- Notify the Controller without undue delay (within 72 hours where feasible)
- Provide details of the nature of the breach, categories and approximate number of Data Subjects affected
- Describe the likely consequences of the breach
- Outline measures taken or proposed to address the breach and mitigate its effects
- Provide contact information for further inquiries
7. Data Deletion and Return
Upon termination of the Services or upon request, Scribbes will delete or return all Personal Data to the Controller and delete existing copies, unless retention is required by applicable law. Audio recordings are automatically deleted immediately after transcription.
8. Audit Rights
Scribbes will make available to the Controller all information necessary to demonstrate compliance with this DPA and allow for and contribute to audits, including inspections, conducted by the Controller or an auditor mandated by the Controller, subject to reasonable notice and confidentiality obligations.
9. Contact Information
For questions about this DPA or to request a signed copy:
Data Protection Officer
Email: [email protected]
Enterprise Sales: [email protected]