Data Processing Addendum
Last updated: 2026-05-15
This Data Processing Addendum (“DPA”) is incorporated by reference into the Terms of Service for customers who are EU/UK data controllers and use SocialAI to process personal data. Replace with your final legal copy before launch.
1. Roles
You (Customer) act as the Data Controller. SocialAI acts as the Data Processor when processing personal data on your instructions.
2. Subject matter & duration
Processing covers the duration of your subscription. Categories of data processed: identifiers, content, and engagement metadata for the end-users of the social accounts you connect.
3. Security measures
- Encryption in transit (TLS 1.2+) and at rest (AES-256).
- Role-based access control with audit logs.
- SOC 2 Type II–aligned controls for subprocessors.
- Regular penetration testing and dependency scanning.
4. International transfers
Where personal data is transferred outside the EEA, we rely on Standard Contractual Clauses (SCCs) with our subprocessors.
5. Data subject requests
We assist Customers with responding to data subject requests within statutory deadlines. Contact privacy@socialai.app.
6. Sub-processor list
Current sub-processor list is maintained at /legal/privacy.