Data Processing Agreement (DPA)

This Data Processing Agreement ("DPA") forms part of the Terms of Service when Coauthor processes personal data on behalf of a Parent User or organization.

1. Roles

• The "Controller" is the Parent User or organization.
• The "Processor" is Coauthor.

2. Purpose

Coauthor processes data solely to:

• Provide the writing platform
• Moderate and secure the community
• Deliver platform features
• Maintain safe use for children

Coauthor does not process data for advertising, profiling, or resale.

3. Confidentiality

Coauthor ensures:

• Staff and moderators are bound by confidentiality
• Only authorized personnel can access data
• Access is granted on a need-to-know basis

4. Security Measures

Coauthor maintains:

• Encrypted data storage
• Secure authentication
• Network firewalls
• Regular vulnerability scanning
• Content moderation workflows
• No private messaging

5. Sub-Processors

Coauthor may use trusted sub-processors such as:

• Hosting providers
• Database services
• Moderation tools
• Payment processors (parents only)

A list of current sub-processors can be requested at any time.

6. Parent & User Rights

Controllers may:

• Request access to stored data
• Request correction or deletion
• Request account removal
• Request a full activity log
• Withdraw consent

Requests processed within 30 days.

7. Data Retention & Deletion

Coauthor retains data only as long as needed to provide services.

Upon written request, all personal data will be deleted or anonymized within 30 days.

8. Breach Notification

In case of a data breach involving personal information:

• Coauthor will notify the parent or organization without undue delay
• Provide details of affected data
• Describe mitigation steps taken

9. Contact

For DPA inquiries:

📧 support@coauthor.co