1. Parties
This Data Processing Agreement (the "DPA") forms part of the agreement between Crescript and the customer using the Service where Crescript processes personal data on behalf of that customer.
For the purposes of this DPA:
- Controller / Customer means the customer that determines the purposes and means of the processing of Customer Personal Data.
- Processor / Crescript means the provider of the Service, operating under the trade name Crescript, by Magdalena Noguera Guilera, DNI/NIF 46744335D, contact legal@crescript.com.
2. Subject matter and duration
This DPA applies where Crescript processes personal data on behalf of the Customer in connection with the provision of the Service.
This DPA remains in force for as long as Crescript processes Customer Personal Data on behalf of the Customer.
3. Nature and purpose of processing
Crescript may process personal data submitted to the Service for the purpose of providing script-generation and related account functionality, including hosting, storage, generation, history, support, security, and related operational functions.
4. Types of personal data and categories of data subjects
Depending on the Customer’s use of the Service, Customer Personal Data may include:
- names, email addresses, and contact information;
- text prompts and user-submitted content;
- generated outputs;
- usage and account data; and
- any personal data that the Customer or its end users choose to include in submitted materials.
Data subjects may include the Customer’s employees, contractors, users, customers, prospects, or other individuals whose data are submitted by or on behalf of the Customer.
5. Customer instructions
Crescript will process Customer Personal Data only on documented instructions from the Customer, unless otherwise required by applicable law.
The Customer is responsible for ensuring that it has an appropriate legal basis for the processing and for the lawfulness of the data submitted to the Service.
6. Confidentiality
Crescript will ensure that persons authorized to process Customer Personal Data are subject to appropriate confidentiality obligations.
7. Security measures
Crescript will implement appropriate technical and organizational measures designed to protect Customer Personal Data, taking into account the nature of the processing and the risks involved.
8. Subprocessors
The Customer authorizes Crescript to use subprocessors as reasonably necessary to provide the Service.
Subprocessors may include infrastructure, hosting, payment, email, security, analytics, and AI generation providers, including providers such as Cloudflare, Stripe, OpenAI, Anthropic, and Google, where relevant to the services used.
Crescript will impose data protection obligations on subprocessors as required by applicable law.
9. International transfers
Where Customer Personal Data is transferred outside the EEA, Crescript will implement appropriate safeguards required under applicable data protection law.
10. Assistance
Taking into account the nature of the processing, Crescript will provide reasonable assistance to the Customer, insofar as possible, to help the Customer respond to data subject requests or comply with applicable data protection obligations.
11. Personal data breaches
Crescript will notify the Customer without undue delay after becoming aware of a personal data breach affecting Customer Personal Data processed under this DPA, unless the breach is unlikely to result in a risk to rights and freedoms or notification is otherwise not required by applicable law.
12. Deletion or return
Upon termination of the relevant services, Crescript will delete or return Customer Personal Data, unless applicable law requires retention.
13. Audits
Where required by applicable law and reasonably necessary, Crescript will make available information necessary to demonstrate compliance with this DPA, subject to appropriate confidentiality, security, and proportionality safeguards.
14. Order of precedence
If there is a conflict between this DPA and the main service terms regarding processing of Customer Personal Data, this DPA prevails to the extent of that conflict.
15. Contact
For DPA-related matters, contact legal@crescript.com.