Legal
Data Processing Addendum
DPA available on request for eligible business customers. ThoughtCite is preparing a standard Data Processing Addendum for Agency, Enterprise, and eligible EU/UK business customers.
Request process
Contact support with your company name, billing email, country, and requested effective date. Do not enter regulated or highly sensitive personal data into ThoughtCite unless your legal team has reviewed the DPA and use case.
A DPA is available by request for eligible business customers and is not automatically part of every self-serve beta subscription.
Expected DPA scope
A DPA should cover controller/processor roles, data categories, data-subject categories, processing purposes, subprocessors, cross-border transfer mechanisms, deletion or return at termination, assistance for data-subject requests, and audit/security questionnaire process where applicable.
Potential personal data categories include account information, LinkedIn profile/post data, user content, prompt/tracking data, billing metadata, support data, and logs.
Security-measures exhibit
Any security exhibit should include measures ThoughtCite can truthfully support, such as encryption in transit, access controls, logging, backups, incident response, and vendor management as those controls apply to the plan and infrastructure.
Do not claim SOC 2, HIPAA, GDPR compliance, dedicated DPO, formal certification, or enterprise-grade controls unless complete and verified.