Skip to main content
Citation Safe

Data Processing Addendum

Template — Version 1.0, published July 16, 2026

This is a standard-form template made available for review before signature. It is not a signed or executed agreement, and nothing on this page by itself creates a binding data processing arrangement. To execute a signed DPA referencing your specific account, email support@citationsafe.com.

Parties

This Data Processing Addendum (“DPA”) is entered into between Digital Empire LLC, a Wyoming limited liability company with a registered address of 30 N Gould St Ste N, Sheridan, WY 82801, USA, doing business as Citation Safe (“Processor”), and the customer entity identified in the applicable order form or account (“Controller”), together the “Parties.” This DPA supplements and forms part of the Citation Safe Terms of Service.

1. Subject matter and duration

Processor processes personal data on behalf of Controller solely to provide the citation verification Service described in the Terms of Service, for the duration of the underlying subscription plus any period required for legitimate retention (see Section 6 of the Privacy Policy).

2. Nature and purpose of processing

Processing consists of: verifying citations submitted by Controller’s authorized users against public authoritative sources; storing account, authentication, and billing metadata; and, by default, storing a cryptographic hash of submitted documents rather than full document text (see Privacy Policy Section 1).

3. Categories of data subjects

Controller’s authorized users (employees, contractors, or agents who access the Service on Controller’s behalf).

4. Categories of personal data

Account identifiers (name, email), authentication metadata, usage and billing records, and, only where Controller elects to disable the hash-only default, document content submitted for verification.

5. Processor obligations

6. Sub-processing

Controller provides general authorization for Processor to engage the subprocessors listed at /subprocessors, which Processor keeps current as subprocessors are added or removed. Processor imposes data protection obligations on each subprocessor materially equivalent to those in this DPA.

7. International transfers

Where personal data originating in the EEA, UK, or Switzerland is transferred to the United States, the transfer is governed by the EU Standard Contractual Clauses (Module Two: Controller to Processor, 2021 version) and, for UK transfers, the UK International Data Transfer Addendum to the EU SCCs, incorporated by reference. Executed copies with the relevant annexes completed are provided upon signed-DPA request.

8. Audits

Processor makes available the information described in Section 5 to demonstrate compliance and permits audits, including inspections, by Controller or an auditor mandated by Controller, subject to reasonable notice, confidentiality, and no more than once per 12-month period absent a suspected breach.

9. Precedence

In the event of a conflict between this DPA and the Terms of Service on data protection matters, this DPA controls.

Executing a signed copy

This page is a public template for pre-signature review. To execute a DPA bound to your specific account and order form (with SCC annexes completed), email support@citationsafe.com with your account email and entity name.

See also: Security · Subprocessor list · Privacy policy · Terms of Service

Digital Empire LLC · 30 N Gould St Ste N, Sheridan, WY 82801. This template is provided for informational purposes and does not constitute legal advice; consult your own counsel before relying on it.