For businesses, schools, agencies, and API customers who need a data processing agreement (DPA) with TextSight. This page summarises the terms and how to get a signed copy.
When you use TextSight to process personal data of your own users, students, or customers, you are the data controller and TextSight (Lacewing Technologies) acts as a data processor on your behalf. Our DPA governs that relationship and supplements our Terms of Service.
You (the customer) determine the purposes and means of processing the personal data you submit — you are the controller. TextSight processes that data only to provide the service and on your documented instructions — we are the processor.
We process the data you submit (such as text and files you run through our tools, and the account data of your users) for the purpose of providing detection, rewriting, and related features, for the duration of your use of the service.
We maintain appropriate technical and organisational measures to protect personal data, as described on our Security page (encryption in transit and at rest, access controls, monitoring, and authentication).
We use the subprocessors listed on our Subprocessors page to deliver the service. Under the DPA we remain responsible for our subprocessors and will inform DPA customers of material changes.
If we become aware of a personal data breach affecting your data, we will notify you without undue delay and provide the information you reasonably need to meet your own notification obligations.
We will assist you, taking into account the nature of the processing, in responding to requests from data subjects exercising their rights (access, deletion, correction, and so on).
On termination, and on your request, we will delete or return the personal data we process on your behalf, subject to any legal retention requirements and our normal backup expiry.
Where personal data is transferred internationally via our subprocessors, the DPA incorporates appropriate safeguards such as Standard Contractual Clauses.