This Data Processing Agreement, or DPA, is entered into between WriterzRoom, the Processor, and the enterprise customer, the Controller. It forms part of the WriterzRoom Terms of Service. This DPA applies to personal data processed by WriterzRoom on behalf of the Controller in connection with the Service.Documentation Index
Fetch the complete documentation index at: https://docs.writerzroom.com/llms.txt
Use this file to discover all available pages before exploring further.
This DPA is available to qualifying Enterprise customers. To request a signed DPA, contact support@writerzroom.com.
Agreement Overview
Roles
Controller and Processor responsibilities.
Security
Technical and organizational safeguards.
Sub-processors
Provider categories used to deliver the Service.
Enterprise Use
Signed DPA available for qualifying Enterprise customers.
1. Definitions
- “Personal Data” means any information relating to an identified or identifiable natural person processed by WriterzRoom on behalf of the Controller.
- “Processing” means any operation performed on Personal Data, including collection, storage, use, disclosure, or deletion.
- “Sub-processor” means any third party engaged by WriterzRoom to process Personal Data on behalf of the Controller.
- “Data Subject” means the individual to whom Personal Data relates.
- “Applicable Law” means GDPR, UK GDPR, CCPA, and any other data protection legislation applicable to the Controller’s jurisdiction.
2. Scope and Role of Parties
The Controller determines the purposes and means of processing Personal Data. WriterzRoom processes Personal Data solely on documented instructions from the Controller, specifically to deliver the AI content generation Service described in the Terms of Service. WriterzRoom does not process Personal Data for its own purposes, sell Personal Data, or use Personal Data to train AI models.3. Controller Obligations
The Controller warrants that:- It has a lawful basis for processing Personal Data and for instructing WriterzRoom to process it
- It has provided all required notices and obtained all required consents from Data Subjects
- Its instructions to WriterzRoom comply with Applicable Law
- It will promptly notify WriterzRoom of any changes to its instructions that may affect WriterzRoom’s compliance obligations
4. Processor Obligations
WriterzRoom agrees to:- Process Personal Data only on documented instructions from the Controller, unless required to do so by law
- Ensure personnel authorized to process Personal Data are bound by appropriate confidentiality obligations
- Implement and maintain the technical and organizational security measures described in Section 6
- Assist the Controller in responding to Data Subject rights requests to the extent technically feasible
- Notify the Controller without undue delay, and no later than 72 hours after becoming aware, of any Personal Data breach affecting Controller data
- Delete or return all Personal Data upon termination of the Service, at the Controller’s election, within 30 days
- Make available to the Controller all information reasonably necessary to demonstrate compliance with this DPA
5. Sub-processors
The Controller grants WriterzRoom general authorization to engage sub-processors. Current sub-processor categories are:| Sub-processor Category | Purpose | Location |
|---|---|---|
| AI generation providers | Content generation and editing workflows | United States |
| Cloud infrastructure providers | Hosting, database, storage, and availability services | United States |
| Payment processors | Subscription billing and payment processing | United States |
| Research and retrieval providers | Research enrichment, source discovery, and semantic retrieval | United States |
| Email providers | Transactional email delivery | United States |
| Monitoring providers | Reliability monitoring, diagnostics, and operational tracing | United States |
6. Security Measures
WriterzRoom maintains the following technical and organizational measures.Encryption
TLS 1.2+ for data in transit, managed encryption for data at rest, and encrypted handling of secrets, credentials, and API keys.
Access Controls
Role-based access control, least-privilege practices, restricted administrative access, and MFA for administrative access.
Monitoring and Incident Response
Platform monitoring, operational alerting, documented incident response, and personal data breach notification within 72 hours of discovery.
Availability
Managed production hosting with scaling controls, database backups, and recovery procedures.
7. Data Subject Rights
WriterzRoom will assist the Controller in fulfilling Data Subject rights requests, including access, rectification, erasure, restriction, and portability, to the extent technically feasible given the nature of the processing. The Controller remains responsible for responding to Data Subjects directly.8. International Transfers
WriterzRoom processes and stores production data in the United States. For Controllers subject to GDPR or UK GDPR transferring Personal Data from the EEA or UK, such transfers are made on the basis of Standard Contractual Clauses, or SCCs, as adopted by the European Commission and incorporated into this DPA by reference. A fully executed SCC addendum is available upon request at support@writerzroom.com.9. HIPAA Considerations
WriterzRoom is not currently intended for processing Protected Health Information, or PHI, under HIPAA unless a separate written agreement expressly permits that use.10. Audit Rights
The Controller may request an audit of WriterzRoom’s data processing activities relevant to this DPA with reasonable prior notice of at least 30 days and no more than once per calendar year. WriterzRoom may satisfy audit requests by providing current third-party audit reports, certifications, or written responses to reasonable audit questionnaires instead of on-site audits.11. Term and Termination
This DPA remains in effect for the duration of the Controller’s subscription to the Service. Upon termination, WriterzRoom will delete or return all Personal Data within 30 days unless retention is required by law.12. Governing Law
This DPA is governed by the laws of the State of Missouri, consistent with the governing law of the Terms of Service.13. Execution
To request a countersigned DPA for your organization, contact support@writerzroom.com with the subject line:DPA Request: [Company Name]
WriterzRoom will return an executed copy within 5 business days.
Enterprise customers with regulated-domain requirements should contact WriterzRoom before submitting regulated or highly sensitive data to the Service.