Data Processing Agreement
Last updated: June 15, 2026
This Data Processing Agreement ("DPA") forms part of the Terms of Service between the customer ("Controller", "you") and Márton Donát e.v. (trade name: SEENALYZE AI; registered office: Hungary, 2040 Budaörs, Ibolya utca 51-53. building: A) ("Processor", "we"). It applies where, in using the Service, you upload or process personal data of third parties — for example your own clients, their audiences, or other individuals — so that we process that personal data on your behalf. Where we determine the purposes and means of processing your own account and billing data, we act as a controller under our Privacy Policy, and that processing is not governed by this DPA.
1. Roles of the parties
For personal data you submit to the Service about third parties, you are the Controller and we are the Processor acting on your behalf. You are responsible for having a valid legal basis and the necessary notices and consents for that personal data, and for ensuring your instructions to us comply with applicable data-protection law.
2. Subject matter, nature, and duration
The processing has the following characteristics:
- Subject matter and purpose: Providing the SEENALYZE AI marketing platform — content analysis, AI-assisted generation, scheduling, publishing, and related features — as instructed by you.
- Duration: For the duration of your use of the Service and until deletion or return of the data in accordance with Section 10.
- Categories of data subjects: Determined by you, and may include your clients and their representatives, your audiences and followers, and individuals appearing in content you provide or generate.
- Types of personal data: Determined by you, and may include identifiers, contact details, social media handles and content, images and audio you upload, and engagement metrics. You must not submit special-category data unless lawful and necessary, and you remain responsible for doing so.
3. Processing on documented instructions
We process personal data only on your documented instructions, including those given through the Service and its settings, unless required to act otherwise by EU or Hungarian law (in which case we will inform you, unless legally prohibited). We will inform you if, in our opinion, an instruction infringes the GDPR or other applicable data-protection law.
4. Confidentiality
We ensure that persons authorized to process the personal data are bound by an appropriate duty of confidentiality and process the data only as needed to provide the Service.
5. Security measures
Taking into account the state of the art and the risks of the processing, we implement appropriate technical and organizational measures under Article 32 GDPR. These include encryption of data in transit (TLS) and encryption of sensitive tokens (AES-256), strict workspace isolation and access controls, and measures designed to ensure the ongoing confidentiality, integrity, and availability of the Service.
6. Sub-processors
You give us general authorization to engage sub-processors (for example hosting and storage, AI inference and generation, payment processing, transactional email, and social-platform connectivity) to provide the Service. We impose data-protection obligations on each sub-processor that are no less protective than this DPA, and we remain responsible for their performance. An up-to-date list of sub-processors, including their roles and locations, is available to controllers on request under confidentiality. We will give you reasonable notice of any intended addition or replacement of a sub-processor and a reasonable opportunity to object on legitimate data-protection grounds.
7. Assistance with data-subject rights and obligations
Taking into account the nature of the processing, we provide reasonable assistance through appropriate technical and organizational measures to help you respond to requests from data subjects exercising their rights, and to meet your obligations under Articles 32–36 GDPR (security, breach notification, data-protection impact assessments, and prior consultation). Self-service tools in the Service let you access, export, correct, and delete data you control.
8. Personal data breaches
We will notify you without undue delay after becoming aware of a personal data breach affecting personal data we process on your behalf, and provide the information reasonably available to help you meet your own notification obligations.
9. International transfers
Primary storage of personal data is located in the European Union. Where a sub-processor processes personal data outside the European Economic Area, we ensure an appropriate transfer mechanism is in place, such as the European Commission's Standard Contractual Clauses or an adequacy decision.
10. Return and deletion
On termination of the Service, or on your request, we will delete or return the personal data we process on your behalf, and delete existing copies, unless EU or Hungarian law requires continued storage (for example, statutory retention of billing and tax records).
11. Audits
We make available the information reasonably necessary to demonstrate compliance with Article 28 GDPR and allow for and contribute to audits, including inspections, conducted by you or an auditor you mandate, subject to reasonable notice, confidentiality, and measures to protect the security and the data of other customers.
12. Liability
Each party's liability under this DPA is subject to the limitations and exclusions set out in the Terms of Service, to the extent permitted by applicable law.
13. Acceptance and contact
This DPA is effective and binding upon your acceptance of the Terms of Service while processing third-party personal data through the Service. To request a counter-signed copy or the sub-processor list, contact us. Email: