Data Processing Agreement

Last updated: December 29, 2024

Introduction

This Data Processing Agreement ("DPA") forms part of the agreement between Oversearch ("Processor") and you ("Controller") for the provision of AI search optimization services.

Definitions

Terms used in this DPA have the meanings assigned in the GDPR (Regulation EU 2016/679) unless otherwise defined.

Scope and Purpose

This DPA applies to personal data processed by Oversearch on your behalf when providing services under our Terms of Service.

Data Processing Obligations

Processor Obligations

Oversearch shall:

• Process personal data only on documented instructions from you
• Ensure persons authorized to process data are bound by confidentiality
• Implement appropriate technical and organizational security measures
• Assist you in responding to data subject requests
• Notify you of any personal data breaches without undue delay
• Delete or return personal data upon termination of services

Controller Responsibilities

You are responsible for:

• Ensuring you have a legal basis for processing
• Providing clear instructions for data processing
• Obtaining necessary consents from data subjects
• Maintaining records of processing activities

Subprocessors

We engage subprocessors to assist in service delivery. A current list is available on our Subprocessors page. We will notify you of changes to subprocessors.

Data Subject Rights

We will assist you in fulfilling data subject requests (access, rectification, erasure, etc.) within a reasonable timeframe.

Security Measures

Technical and organizational measures include:

• Encryption of data in transit and at rest
• Access controls and authentication
• Regular security audits and testing
• Incident response procedures

See our Security page for full details.

Data Breach Notification

We will notify you within 48 hours of becoming aware of a personal data breach affecting your data.

Audits and Compliance

Enterprise customers may request security audits. Contact us at security@oversearch.com to arrange.

Termination

Upon termination, we will delete or return personal data within 30 days unless legally required to retain it.

Contact

For DPA inquiries: dpa@oversearch.com