Effective Date: 06/27/2025

This Data Processing Addendum (“DPA”) forms part of the Terms of Service between you (“Customer”) and Amazeo (“Processor”) and governs the processing of personal data submitted to Amazeo in connection with the use of its services.

1. Definitions

“Personal Data” means any information relating to an identified or identifiable natural person.

“Processing” means any operation performed on Personal Data, including collection, storage, alteration, access, or deletion.

“Data Controller” means the party determining the purposes and means of Processing (i.e., the Customer).

“Data Processor” means the party Processing Personal Data on behalf of the Data Controller (i.e., Amazeo).

“Data Subject” means the individual whose personal data is being processed.

“Services” refers to the Amazeo platform and associated features available via amazeo.ai.

2. Scope of Processing

Amazeo may process Customer Personal Data solely for the purpose of delivering Services under the Terms of Service. This includes:

Hosting uploaded videos, images, and prompts

Applying AI-based transformation to content

Delivering final assets to Customer

Providing support and analytics

We will not process Personal Data for any other purpose without documented instruction from the Customer.

3. Customer Responsibilities

The Customer confirms that:

They have lawful grounds for processing Personal Data.

Data subjects have been informed of data processing as required.

The Customer is solely responsible for the accuracy, legality, and integrity of the uploaded content.

4. Amazeo Obligations as Processor

Amazeo agrees to:

Process Personal Data only under documented Customer instructions.

Maintain appropriate technical and organizational security measures.

Ensure personnel are subject to confidentiality obligations.

Notify the Customer of any data breach without undue delay.

Provide assistance in responding to data subject requests.

Delete or return all Personal Data upon termination of the Services (unless required by law to retain it).

Provide audit support upon request (limited to once annually and subject to reasonable notice).

5. Subprocessors

Customer agrees that Amazeo may engage trusted third-party subprocessors (e.g., cloud providers, payment processors) for data hosting, analytics, and support.

A current list of subprocessors is available upon request. Amazeo ensures subprocessors meet data protection obligations equivalent to this DPA.

6. International Transfers

Amazeo may transfer Personal Data to countries outside of the EU/EEA or other jurisdictions, provided such transfers comply with data protection law, such as through:

Standard Contractual Clauses (SCCs)

Adequacy decisions

Other appropriate safeguards

7. Data Subject Rights

To the extent required by applicable law, Amazeo shall:

Assist the Customer in fulfilling requests from data subjects (e.g., access, deletion, rectification)

Inform the Customer if Amazeo receives such a request directly

8. Security Measures

Amazeo implements appropriate measures, including:

Encryption in transit and at rest

Access control and role-based permissions

Activity logging and monitoring

Incident response procedures

9. Data Breach Notification

In the event of a personal data breach, Amazeo will notify the Customer without undue delay after becoming aware, including:

The nature of the breach

Potential consequences

Measures taken or proposed to mitigate its effects

10. Duration

This DPA remains in effect for as long as Amazeo processes Personal Data on behalf of the Customer, unless superseded by a revised agreement.

11. Contact

Questions related to this DPA may be directed to:

hello@amazeo.ai

By continuing to use Amazeo, you agree to the terms of this Data Processing Addendum.