Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.writerzroom.com/llms.txt

Use this file to discover all available pages before exploring further.

This Data Processing Agreement (“DPA”) is entered into between WriterzRoom (“Processor”) and the enterprise customer (“Controller”) and forms part of the WriterzRoom Terms of Service. This DPA applies to all processing of personal data carried out by WriterzRoom on behalf of the Controller in connection with the Service.
This DPA is required for Healthcare and Fintech enterprise customers and is available to all Enterprise plan subscribers. To execute a signed DPA, contact support@writerzroom.com.

1. Definitions

  • “Personal Data” means any information relating to an identified or identifiable natural person processed by WriterzRoom on behalf of the Controller.
  • “Processing” means any operation performed on Personal Data, including collection, storage, use, disclosure, or deletion.
  • “Sub-processor” means any third party engaged by WriterzRoom to process Personal Data on behalf of the Controller.
  • “Data Subject” means the individual to whom Personal Data relates.
  • “Applicable Law” means GDPR, UK GDPR, CCPA, HIPAA (where applicable), and any other data protection legislation applicable to the Controller’s jurisdiction.

2. Scope and Role of Parties

The Controller determines the purposes and means of processing Personal Data. WriterzRoom processes Personal Data solely on documented instructions from the Controller — specifically, to deliver the AI content generation Service described in the Terms of Service. WriterzRoom does not process Personal Data for its own purposes, sell Personal Data, or use Personal Data to train AI models.

3. Controller Obligations

The Controller warrants that:
  • It has a lawful basis for processing Personal Data and for instructing WriterzRoom to process it
  • It has provided all required notices and obtained all required consents from Data Subjects
  • Its instructions to WriterzRoom comply with Applicable Law
  • It will promptly notify WriterzRoom of any changes to its instructions that may affect WriterzRoom’s compliance obligations

4. Processor Obligations

WriterzRoom agrees to:
  • Process Personal Data only on documented instructions from the Controller, unless required to do so by law
  • Ensure personnel authorized to process Personal Data are bound by appropriate confidentiality obligations
  • Implement and maintain the technical and organizational security measures described in Section 6
  • Assist the Controller in responding to Data Subject rights requests to the extent technically feasible
  • Notify the Controller without undue delay, and no later than 72 hours after becoming aware, of any Personal Data breach affecting Controller data
  • Delete or return all Personal Data upon termination of the Service, at the Controller’s election, within 30 days
  • Make available to the Controller all information reasonably necessary to demonstrate compliance with this DPA

5. Sub-processors

The Controller grants WriterzRoom general authorization to engage sub-processors. Current sub-processors are:
Sub-processorPurposeLocation
AnthropicAI content generationUnited States
OpenAIAI content generation (failover)United States
Google CloudInfrastructure hosting, Cloud SQL databaseUnited States (us-central1)
StripePayment processingUnited States
TavilyReal-time web researchUnited States
Voyage AIText embeddings and semantic searchUnited States
ResendTransactional email deliveryUnited States
LangSmith (LangChain)Pipeline observability and tracingUnited States
WriterzRoom will notify the Controller at least 10 days before engaging a new sub-processor or replacing an existing one. If the Controller objects on reasonable data protection grounds, WriterzRoom will work in good faith to address the concern. WriterzRoom imposes data protection obligations on all sub-processors no less protective than those in this DPA.

6. Security Measures

WriterzRoom maintains the following technical and organizational measures: Encryption
  • TLS 1.2+ encryption for all data in transit
  • AES-256 encryption for data at rest via Google Cloud SQL
  • Secrets and API keys managed via Google Cloud Secret Manager
Access Controls
  • Role-based access control (RBAC) with principle of least privilege
  • VPC-isolated database access — no public database endpoints
  • Multi-factor authentication required for infrastructure access
Monitoring and Incident Response
  • Continuous monitoring and automated alerting
  • Documented incident response procedure
  • Personal data breach notification within 72 hours of discovery
Availability
  • Hosted on Google Cloud Run with automatic scaling and high availability
  • Regular automated backups of Cloud SQL database

7. Data Subject Rights

WriterzRoom will assist the Controller in fulfilling Data Subject rights requests — including access, rectification, erasure, restriction, and portability — to the extent technically feasible given the nature of the processing. The Controller remains responsible for responding to Data Subjects directly.

8. International Transfers

WriterzRoom processes and stores all data in the United States (Google Cloud us-central1). For Controllers subject to GDPR or UK GDPR transferring Personal Data from the EEA or UK, such transfers are made on the basis of Standard Contractual Clauses (SCCs) as adopted by the European Commission, incorporated into this DPA by reference. A fully executed SCC addendum is available upon request at support@writerzroom.com.

9. HIPAA Considerations

For Healthcare customers whose use of the Service may involve Protected Health Information (PHI) as defined under HIPAA, WriterzRoom is prepared to enter into a Business Associate Agreement (BAA) as a supplement to this DPA.
Do not submit PHI to the Service without first executing a BAA with WriterzRoom. Contact support@writerzroom.com to initiate the BAA process.

10. Audit Rights

The Controller may, with reasonable prior notice (minimum 30 days) and no more than once per calendar year, request an audit of WriterzRoom’s data processing activities relevant to this DPA. WriterzRoom may satisfy audit requests by providing current third-party audit reports, certifications, or written responses to reasonable audit questionnaires in lieu of on-site audits.

11. Term and Termination

This DPA remains in effect for the duration of the Controller’s subscription to the Service. Upon termination, WriterzRoom will delete or return all Personal Data within 30 days unless retention is required by law.

12. Governing Law

This DPA is governed by the laws of the State of Missouri, consistent with the governing law of the Terms of Service.

13. Execution

To request a countersigned DPA for your organization, contact support@writerzroom.com with subject line “DPA Request — [Company Name]”. WriterzRoom will return an executed copy within 5 business days. Enterprise plan customers in Healthcare and Fintech verticals will be proactively contacted to complete DPA execution prior to accessing regulated-domain features.
Last modified on May 8, 2026