Data Processing Agreement

Last Updated: March 2026

This Data Processing Agreement (“DPA”) forms part of the agreement between MINDATEQ Sp. z o.o. and users of the Scriberocket Service. This agreement applies where the Company processes personal data on behalf of a user.

1. Roles of the Parties

For the purposes of data protection laws including the General Data Protection Regulation (GDPR):

  • The user acts as the Data Controller
  • MINDATEQ Sp. z o.o. acts as the Data Processor

The Company processes personal data solely to provide the Service.

2. Nature of Processing

Processing activities may include:

  • Uploading audio or video files
  • Automated transcription of recordings
  • Storage of transcripts
  • Temporary storage of files for processing

Processing is limited to what is necessary to provide the Service.

3. Categories of Data

Data processed may include:

  • Audio or video recordings
  • Speech contained in uploaded media
  • Transcript text
  • Metadata associated with files

Depending on the content uploaded by users, this may include personal data of individuals appearing in recordings.

4. Security Measures

The Company implements appropriate technical and organizational measures to protect personal data, including:

  • Encrypted data transmission
  • Access control mechanisms
  • Infrastructure monitoring
  • Security logging

These measures are designed to protect against unauthorized access, loss, or alteration of data.

5. Subprocessors

The Company may engage trusted subprocessors for infrastructure and service delivery, including:

  • Cloud infrastructure providers
  • AI processing services
  • Payment processors

Subprocessors are required to maintain appropriate data protection standards.

6. Data Subject Rights

Where applicable, the Company will assist the Controller in responding to requests from data subjects, including:

  • Access requests
  • Correction requests
  • Deletion requests

Such assistance will be provided where technically feasible.

7. Data Breach Notification

In the event of a confirmed data breach affecting personal data, the Company will notify the Controller without undue delay and provide information necessary to comply with legal obligations.

8. Data Retention and Deletion

Personal data is retained only as long as necessary to provide the Service. Upon termination of the Service or request by the Controller, personal data may be deleted unless retention is required by law.

9. International Data Transfers

Where data is transferred outside the European Economic Area, appropriate safeguards will be implemented in accordance with applicable data protection laws.

10. Governing Law

This DPA shall be governed by the laws of Poland and applicable EU data protection regulations.

11. Contact

For questions related to data protection:

MINDATEQ Sp. z o.o.

Aleja Jana Pawła II, 43A/37B

01-001 Warsaw, Poland

info@scriberocket.ai