CSCrescript
  • Features
  • Sample script
  • Pricing
  • FAQ
  • Blog
  • Start free
Legal document

Data Processing Agreement

Processor terms for business customers where Crescript processes personal data on behalf of the customer.

Last updated · June 7, 2026Version · 1.0

Contents

  • Parties
  • Subject matter and duration
  • Nature and purpose
  • Types of data and data subjects
  • Customer instructions
  • Confidentiality
  • Security measures
  • Subprocessors
  • International transfers
  • Assistance
  • Data breaches
  • Deletion or return
  • Audits
  • Order of precedence
  • Contact

1. Parties

This Data Processing Agreement (the "DPA") forms part of the agreement between Crescript and the customer using the Service where Crescript processes personal data on behalf of that customer.

For the purposes of this DPA:

  • Controller / Customer means the customer that determines the purposes and means of the processing of Customer Personal Data.
  • Processor / Crescript means the provider of the Service, operating under the trade name Crescript, by Magdalena Noguera Guilera, DNI/NIF 46744335D, contact legal@crescript.com.

2. Subject matter and duration

This DPA applies where Crescript processes personal data on behalf of the Customer in connection with the provision of the Service.

This DPA remains in force for as long as Crescript processes Customer Personal Data on behalf of the Customer.

3. Nature and purpose of processing

Crescript may process personal data submitted to the Service for the purpose of providing script-generation and related account functionality, including hosting, storage, generation, history, support, security, and related operational functions.

4. Types of personal data and categories of data subjects

Depending on the Customer’s use of the Service, Customer Personal Data may include:

  • names, email addresses, and contact information;
  • text prompts and user-submitted content;
  • generated outputs;
  • usage and account data; and
  • any personal data that the Customer or its end users choose to include in submitted materials.

Data subjects may include the Customer’s employees, contractors, users, customers, prospects, or other individuals whose data are submitted by or on behalf of the Customer.

5. Customer instructions

Crescript will process Customer Personal Data only on documented instructions from the Customer, unless otherwise required by applicable law.

The Customer is responsible for ensuring that it has an appropriate legal basis for the processing and for the lawfulness of the data submitted to the Service.

6. Confidentiality

Crescript will ensure that persons authorized to process Customer Personal Data are subject to appropriate confidentiality obligations.

7. Security measures

Crescript will implement appropriate technical and organizational measures designed to protect Customer Personal Data, taking into account the nature of the processing and the risks involved.

8. Subprocessors

The Customer authorizes Crescript to use subprocessors as reasonably necessary to provide the Service.

Subprocessors may include infrastructure, hosting, payment, email, security, analytics, and AI generation providers, including providers such as Cloudflare, Stripe, OpenAI, Anthropic, and Google, where relevant to the services used.

Crescript will impose data protection obligations on subprocessors as required by applicable law.

9. International transfers

Where Customer Personal Data is transferred outside the EEA, Crescript will implement appropriate safeguards required under applicable data protection law.

10. Assistance

Taking into account the nature of the processing, Crescript will provide reasonable assistance to the Customer, insofar as possible, to help the Customer respond to data subject requests or comply with applicable data protection obligations.

11. Personal data breaches

Crescript will notify the Customer without undue delay after becoming aware of a personal data breach affecting Customer Personal Data processed under this DPA, unless the breach is unlikely to result in a risk to rights and freedoms or notification is otherwise not required by applicable law.

12. Deletion or return

Upon termination of the relevant services, Crescript will delete or return Customer Personal Data, unless applicable law requires retention.

13. Audits

Where required by applicable law and reasonably necessary, Crescript will make available information necessary to demonstrate compliance with this DPA, subject to appropriate confidentiality, security, and proportionality safeguards.

14. Order of precedence

If there is a conflict between this DPA and the main service terms regarding processing of Customer Personal Data, this DPA prevails to the extent of that conflict.

15. Contact

For DPA-related matters, contact legal@crescript.com.

CS

Crescript

Scripts that don't invent the numbers.

Product

  • Features
  • Sample script
  • Pricing
  • FAQ
  • Blog

Company

  • About
  • Contact

Legal

  • Privacy
  • Terms
  • Cookies
  • Legal notice
  • DPA
  • AUP
  • AI transparency

© 2026 Crescript · All rights reserved

Made for serious creators