Data Processing Agreement

This DPA forms part of the agreement between the customer (the "Controller") and Brindleford Technologies Ltd trading as PlainPage (the "Processor"), and reflects UK GDPR Article 28 requirements.

1. Roles

The Controller determines the purposes and means of processing the uploaded audio and its outputs. The Processor processes that data only on the Controller's documented instructions.

2. Subject matter & duration

Processing covers the transcription and summarisation of audio for as long as the customer uses the service, plus any retention period thereafter.

3. Nature, purpose & data

Purpose: speech-to-text and summarisation. Data subjects: speakers in the uploaded audio. Data types: voice recordings and any personal data spoken within them.

4. Processor obligations

• Process only on documented instructions.
• Ensure personnel are bound by confidentiality.
• Implement appropriate technical and organisational security measures.
• Assist with data-subject requests and breach notification.
• Delete or return data on termination, at the Controller's choice.

5. Subprocessors

The Controller authorises the subprocessors listed in our privacy policy (Deepgram, Anthropic, Backblaze B2, Postmark, Stripe). We will give notice of changes.

6. Data residency & transfers

Audio and outputs are stored in the EU. Any transfers outside the UK/EEA rely on an approved safeguard (e.g. the IDTA or SCCs).

7. Audit

The Processor will make available information necessary to demonstrate compliance and allow for reasonable audits.

Contact

dpo@plainpage.app.