Data Processing Agreement
Effective Date: February 14, 2026
Last Updated: February 14, 2026
This Data Processing Agreement ("DPA") forms part of the terms governing the use of Content Checker AI by institutional, educational, and enterprise customers ("Customer") and sets out the rights and obligations of the parties with respect to the processing of personal data in accordance with GDPR, CCPA, and other applicable data protection laws.
1. Definitions
In this DPA, the following terms have the meanings set forth below:
- "Controller" means the Customer (the educational institution, organization, or enterprise) that determines the purposes and means of processing personal data.
- "Processor" means Content Checker AI, which processes personal data on behalf of the Controller.
- "Personal Data" means any information relating to an identified or identifiable natural person, including student data, writing samples, and user account information.
- "Processing" means any operation performed on personal data, including collection, storage, analysis, transmission, and deletion.
- "Data Subject" means the individual to whom personal data relates (e.g., students, employees, contractors).
- "Sub-processor" means any third party engaged by Content Checker AI to process personal data on behalf of the Customer.
2. Roles and Responsibilities
2.1 Customer as Controller
Customer acts as the Controller and is responsible for:
- Determining the lawful basis for processing personal data
- Ensuring compliance with applicable data protection laws
- Providing notices to data subjects about data processing
- Obtaining necessary consents from data subjects
- Handling data subject requests (access, rectification, deletion, etc.)
2.2 Content Checker AI as Processor
Content Checker AI acts as the Processor and is responsible for:
- Processing personal data only as instructed by the Customer
- Implementing appropriate technical and organizational security measures
- Assisting Customer in responding to data subject requests
- Notifying Customer of any data breaches
- Deleting or returning personal data upon termination
3. Scope and Purpose of Processing
3.1 Types of Personal Data Processed
Content Checker AI processes the following categories of personal data:
- Account Information: Names, email addresses, institutional affiliations
- Submitted Content: Text submitted for AI detection, voice matching, or humanization
- Writing Samples: Reference documents uploaded for authorship verification
- Usage Data: Analysis history, timestamps, feature usage
3.2 Purpose of Processing
Personal data is processed for the following purposes:
- Providing AI detection, voice matching, and humanization services
- Generating analysis reports and evidence
- Maintaining analysis history and user preferences
- Improving detection accuracy (using anonymized, aggregated data only)
3.3 Categories of Data Subjects
Data subjects may include:
- Students and learners
- Educators and administrators
- Employees and contractors
- Job applicants
4. Data Security
Content Checker AI implements appropriate technical and organizational measures to protect personal data, including:
4.1 Technical Measures
- Encryption in transit (TLS 1.3) and at rest (AES-256)
- Access controls and authentication (multi-factor where available)
- Regular security testing and vulnerability assessments
- Secure development practices and code reviews
- Logging and monitoring of system access
4.2 Organizational Measures
- Employee training on data protection and security
- Confidentiality agreements with all personnel
- Incident response and breach notification procedures
- Regular review and update of security policies
5. Sub-processors
5.1 Authorized Sub-processors
Customer consents to Content Checker AI engaging the following sub-processors:
| Sub-processor | Service | Location |
|---|---|---|
| Clerk | Authentication and user management | United States |
| Vercel | Hosting and infrastructure | United States |
| OpenAI | AI model processing | United States |
| Anthropic | AI model processing | United States |
5.2 Changes to Sub-processors
Content Checker AI will provide at least 30 days' notice before engaging new sub-processors. Customer may object to a new sub-processor on reasonable data protection grounds within 14 days of notice.
6. Data Subject Rights
Content Checker AI will assist Customer in responding to data subject requests, including:
- Right of Access: Providing data subjects with copies of their personal data
- Right to Rectification: Correcting inaccurate or incomplete data
- Right to Erasure: Deleting personal data upon request (subject to legal obligations)
- Right to Portability: Exporting data in a machine-readable format
- Right to Object: Objecting to certain processing activities
- Right to Restrict Processing: Restricting processing in certain circumstances
Customer is responsible for verifying the identity of data subjects and determining the validity of requests. Content Checker AI will respond to Customer's instructions within 14 days.
7. Data Breach Notification
In the event of a data breach, Content Checker AI will:
- Notify Customer without undue delay and within 72 hours of becoming aware of the breach
- Provide details of the breach, including affected data, approximate number of records, and potential impact
- Describe measures taken to mitigate the breach and prevent future incidents
- Cooperate with Customer in investigating and remediating the breach
Customer is responsible for notifying data subjects and regulatory authorities as required by law.
8. Data Retention and Deletion
8.1 Retention Period
Personal data is retained as follows:
- Active Accounts: Data retained while the account is active
- Inactive Accounts: Data retained for up to 1 year, then deleted
- Analysis History: Retained until Customer deletes it, or for up to 1 year if inactive
- Anonymized Data: May be retained indefinitely for model improvement
8.2 Deletion Upon Termination
Upon termination of the agreement, Content Checker AI will:
- Delete all personal data within 90 days, unless otherwise instructed by Customer
- Provide certification of deletion upon request
- Retain only data required by law (e.g., for tax, audit, or litigation purposes)
9. International Data Transfers
Personal data may be transferred to and processed in the United States and other countries. Content Checker AI ensures appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions where applicable
- Other legally recognized transfer mechanisms
10. Audit Rights
Customer has the right to audit Content Checker AI's compliance with this DPA, subject to:
- Providing at least 30 days' notice
- Conducting audits no more than once per year (unless required by law or data breach)
- Maintaining confidentiality of information obtained during the audit
Content Checker AI will provide audit reports, certifications, and documentation upon reasonable request.
11. Liability and Indemnification
Each party is liable for its own acts and omissions under applicable data protection laws. Content Checker AI will indemnify Customer for damages arising from Content Checker AI's breach of this DPA, subject to the limitations in the main Terms of Service.
12. Governing Law
This DPA is governed by the laws of the Commonwealth of Massachusetts, United States, and applicable data protection laws including GDPR and CCPA.
13. Contact for DPA Inquiries
For questions about this DPA or to request execution of a custom DPA, contact:
- Email: dpa@contentcheckerai.com
- Address: Content Checker AI, 123 Academic Way, Suite 100, Boston, MA 02101
Note for Enterprise Customers: If you require a custom Data Processing Agreement tailored to your institution's specific requirements, please contact us at enterprise@contentcheckerai.com to discuss your needs.