Data Processing Agreement (DPA)

Last updated: 1/16/2026

1. Definitions

Controller: The entity that determines the purposes and means of processing personal data.

Processor: The entity that processes personal data on behalf of the Controller.

Personal Data: Any information relating to an identified or identifiable natural person.

Processing: Any operation performed on personal data, including collection, storage, use, and deletion.

2. Scope and Purpose

This Data Processing Agreement ("DPA") governs the processing of personal data by Content Rabbit ("Processor") on behalf of customers ("Controller") in connection with the Content Rabbit services. This DPA supplements the Terms of Service and Privacy Policy.

3. Processing Details

3.1 Subject Matter

Processing of personal data necessary to provide Content Rabbit services.

3.2 Duration

Processing continues for the duration of the service agreement and as necessary to comply with legal obligations.

3.3 Nature and Purpose

Processing includes storage, analysis, and transmission of personal data to enable social media management, content creation, scheduling, and publishing features.

3.4 Types of Personal Data

  • Contact information (name, email, phone)
  • Account credentials and authentication data
  • Social media account tokens and profile information
  • Content and media files uploaded by users
  • Usage and analytics data
  • Payment and billing information

3.5 Categories of Data Subjects

  • Content Rabbit customers and users
  • End users whose data is processed through connected social media accounts
  • Team members and collaborators

4. Processor Obligations

Content Rabbit agrees to:

  • Process personal data only in accordance with Controller's documented instructions
  • Ensure persons authorized to process personal data are bound by confidentiality
  • Implement appropriate technical and organizational measures to ensure security
  • Assist Controller in responding to data subject requests
  • Assist Controller in ensuring compliance with GDPR obligations
  • Return or delete personal data upon termination of services
  • Make available information necessary to demonstrate compliance

5. Subprocessors

Content Rabbit may engage subprocessors to process personal data. We maintain a list of subprocessors and will notify Controllers of any changes. Controllers may object to new subprocessors with reasonable cause. Our current subprocessors are listed on our Subprocessors page.

6. Data Transfers

Where personal data is transferred outside the European Economic Area, Content Rabbit ensures appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.

7. Security Measures

Content Rabbit implements industry-standard security measures including encryption, access controls, regular security audits, and secure data transmission protocols.

8. Data Breach Notification

In the event of a personal data breach, Content Rabbit will notify the Controller without undue delay and provide information necessary for the Controller to meet its breach notification obligations.

9. Contact

For questions about this DPA, please contact us at privacy@contentrabbitai.com