Data Processing Addendum

1. How to request the DPA

Email legal@tigerscribe.com with your account email, the legal name of the contracting entity, and the jurisdiction. We’ll send a counter-signed DPA within 3 business days. The DPA is also available inside the Team plan billing console once the plan is active.

2. What the DPA covers

• Processing scope — categories of personal data, purposes, durations.
• Sub-processing — our subprocessor list, change-notification process, objection rights.
• International transfers — SCCs (Module 2: Controller-to-Processor) and UK addendum.
• Security measures — Annex II reflecting our /security overview.
• Audit rights — annual third-party audit reports available under NDA.
• Breach notification — 72-hour SLA.
• Return / deletion — on termination, complete within 30 days.

3. Approved subprocessors

Current subprocessors authorized to process customer personal data:

• Vercel, Inc.

  Web hosting & edge delivery

  US, EU

• Neon, Inc.

  Postgres database hosting

  US (us-west-2)

• Cloudflare, Inc.

  Object storage (R2), DNS, DDoS, WAF

  Global edge

• Trigger.dev

  Background tasks (transcription, speaker matching)

  US

• AssemblyAI / Gladia

  AI transcription engine

  US, EU

• Anthropic

  LLM-assisted speaker name inference & anonymization

  US

• Stripe / Lemon Squeezy

  Payments & merchant of record

  US, EU

• Resend

  Transactional email

  US

We provide 30 days’ advance notice before adding a new subprocessor with access to customer personal data, and an objection window. The current subprocessor list is also published on our Security and Privacy pages.

4. Cross-border transfers

Where personal data leaves the EU/UK, we rely on the European Commission’s Standard Contractual Clauses (Module 2: Controller-to-Processor) and the UK International Data Transfer Addendum, plus a transfer impact assessment available under NDA.

5. Contact

DPA questions: legal@tigerscribe.com. Privacy and DSAR requests: dpo@tigerscribe.com.