DPA

Download PDF

Last Update: January 19, 2026

This Data Processing Agreement ("DPA") is pre-signed by Screen Studio and available for download by customers who require documentation of our data protection practices for their compliance needs. No customer signature is required - simply download and retain for your records. This DPA supplements and forms part of the Screen Studio Terms of Service ("Agreement") between:

Timpler Adam Pietrasiak trading as Screen Studio ("Data Processor")

Address: Timpler Adam Pietrasiak, ul. Jana Janowskiego 29E/1, 30-440 Kraków, Poland

Contact: team@screen.studio

and

The Customer identified in the Agreement

Effective Date: Upon Customer's download from screen.studio/legal

Table of Contents

1. Definitions

2. Processing of Personal Data

2.1. Scope and Roles

2.2. Processing Details

2.2.1. Categories of Data Subjects

2.2.2. Types of Personal Data Processed

2.3. Current Sub-processors List

2.4. Customer Instructions

3. Security Measures

3.1. Technical and Organizational Measures

4. Video Editing Effects - Blur and Highlight

5. International Data Transfers

5.1. Transfer Mechanisms

5.2. Transfer Impact Assessment

6. Data Subject Rights

6.1. Assistance with Requests

6.2. Tools Available

7. Security Incidents

7.1. Notification

7.2. Cooperation

8. Compliance

8.1. Demonstrations of Compliance

9. Data Retention and Deletion

9.1. Data Deletion

9.2. Deletion Upon Termination

10. Liability and Indemnification

10.1. Liability Cap

10.2. Indemnification

11. California Privacy Rights (CCPA)

11.1. Additional Terms for California Personal Information

12. General Provisions

12.1. Modification

12.2. Conflict

12.3. Governing Law

12.4. Severability

13. Agreement

14. Appendix 1: Data Processing Description

1. Definitions

All capitalized terms not defined herein shall have the meaning set forth in the Agreement. In this DPA:

• "Applicable Data Protection Law" means GDPR, CCPA, and any other applicable data protection laws
• "GDPR" means Regulation (EU) 2016/679 (General Data Protection Regulation)
• "CCPA" means California Consumer Privacy Act of 2018
• "Personal Data" means any information relating to an identified or identifiable natural person
• "Processing" has the meaning given in the GDPR
• "Security Incident" means any breach of security leading to accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of Personal Data
• "Sub-processor" means any third party engaged by Screen Studio to Process Personal Data

2. Processing of Personal Data

2.1. Scope and Roles

• Screen Studio acts as Data Processor for Personal Data contained in customer shared screen recordings by link, and account information
• Customer acts as Data Controller, determining the purposes and means of Processing
• This DPA applies to all Processing of Personal Data by Screen Studio on behalf of Customer

2.2. Processing Details

2.2.1. Categories of Data Subjects

• Customer's employees and contractors using Screen Studio
• Individuals whose data appears in Customer's screen recordings
• Customer's clients or users visible in recordings

2.2.2. Types of Personal Data Processed

Data processed locally on user's device (never sent to Screen Studio):

• Screen recordings and project files

Screen Studio directly processes:

• Account registration data (names, email addresses, company information)
• IP addresses
• Shared links URL's of screen recording (when you choose to create shareable link)
• Support communications and tickets
• License validation and subscription status
• Recording metadata (duration, resolution, file size, creation date)
• Usage analytics (feature usage patterns for blur, highlight, export formats - when permitted)
• Statistics for shareable links

Third-party processors handle:

• Cloudflare (CDN/Cloud Storage): Shared recordings (only when you create shareable links), shareable links thumbnails
• Featurebase (Feedback): User feedback, feature requests
• Lemon Squeezy (Payment Processor): Order numbers, license keys, payment details, billing information, VAT numbers, customer names, devices names
• Linear (Project Management): Bug reports and feature requests
• Neon Inc (Database): Account data, license and payment data, shareable links data
• Plain (Support): Support communications, email tickets, customer service interactions, user emails
• Plausible (Website Analytics): Anonymized website traffic data
• Resend (Email Service): Transactional emails, notifications, authorisation emails
• Sentry (Error Monitoring): Device specifications, crash logs, error reports, IP addresses, user email (if user is logged in)
• Telegram: Open support and feedback group, user communication and feedback
• Vercel (Hosting/API): IP addresses, access logs, technical logs and metrics (app, website, server)
• WeTransfer (Support File Transfer): Debug logs, screen recordings and project files for support (only when you share for support)

Please Note:

• Screen recordings and project files remain on the user's local device unless explicitly shared
• Analytics are only active with user permission
• All optional services require user consent or explicit action to activate

Nature and Purpose of Processing:

• Providing screen recording and editing services
• Hosting and delivering recording content
• Account management and authentication
• Technical support and service improvement
• Billing and subscription management

Duration of Processing:

• For the term of the Agreement plus any retention period required by law
• Shared recording links: Until Customer requests deletion

2.3. Current Sub-processors List

2.3.1. Cloudflare (Cloud storage/CDN)

• Location: Global
• Purpose: Content delivery and file storage
• Data: Shared recordings (only when you create shareable links), shareable links thumbnails

2.3.2. Featurebase (Feedback)

• Location: Estonia
• Purpose: Feature request and feedback collection
• Data: User feedback, feature votes

2.3.3. Lemon Squeezy (Payment Processing)

• Location: United States
• Purpose: Merchant of Record, payment processing, licensing
• Data: Order numbers, license keys, payment details, billing information, VAT numbers, customer names, devices names

2.3.4. Linear (Project Management)

• Location: United States
• Purpose: Bug reports and feature requests
• Data: Bug reports and feature requests

2.3.5. Neon Inc (Database)

• Location: United States
• Purpose: Primary database for application data
• Data: Account data, license and payment data, shareable links data

2.3.6. Plain (Support)

• Location: United Kingdom
• Purpose: Support ticket management
• Data: Support emails, customer communications

2.3.7. Plausible (Website Analytics)

• Location: Estonia
• Purpose: Privacy-focused website analytics
• Data: Anonymized traffic data

2.3.8. Resend (Email)

• Location: United States
• Purpose: Transactional email delivery
• Data: Transactional emails, notifications, authorisation emails

2.3.9. PostHog (Product Analytics)

• Location: European Union
• Purpose: Product analytics and usage tracking
• Data: Feature usage events, recording metadata, device information, IP address, user email (if logged in)

2.3.10. Sentry (Error Tracking)

• Location: United States
• Purpose: Error monitoring and crash reporting
• Data: Device specifications, crash logs, error reports, IP addresses, user email (if user is logged in)

2.3.11. Telegram (Support open group)

• Location: United Arab Emirates
• Purpose: Live chat support
• Data: Chat messages, support interactions

2.3.12. Vercel (Application Hosting/API)

• Location: United States
• Purpose: Frontend hosting and deployment, backend server
• Data: IP addresses, access logs, technical logs and metrics (app, website, server)

2.3.13. WeTransfer (Support)

• Location: Netherlands
• Purpose: Large file transfers for support
• Data: Debug logs, screen recordings and project files for support (only when you share for support)

2.3.14. Speechify (Text-to-Speech)

• Location: United States
• Purpose: AI-powered text-to-speech audio generation
• Data: Text content submitted for audio generation, voice and language preferences

New sub-processors

• Screen Studio will notify Customers of significant changes to Sub-processors

2.4. Customer Instructions

Screen Studio will Process Personal Data only in accordance with Customer's documented instructions, unless required by law to do otherwise. The Agreement and this DPA constitute Customer's complete instructions.

3. Security Measures

3.1. Technical and Organizational Measures

Screen Studio implements and maintains appropriate measures including:

Technical Measures:

• Encryption in transit (TLS 1.2+) and at rest
• Access controls and authentication
• Regular security updates and patches
• Infrastructure security via cloud providers

Organizational Measures:

• Confidentiality agreements with personnel
• Limited access on need-to-know basis
• Data protection awareness training
• Incident response procedures
• Regular data protection reviews

4. Video Editing Effects - Blur and Highlight

Nature of Features: The blur and highlight features are creative video editing tools designed for visual enhancement and content focus.

Technical Implementation:

• Blur effect: Applies destructive algorithm that permanently removes pixel data in exported videos only
• Highlight effect: Emphasizes selected areas for viewer attention
• Exported files: Effects are permanently rendered into the final video output
• Project files (.screenstudio): Always contain original, unmodified recordings for re-editing purposes

NOT A REDACTION TOOL: These features are NOT designed, tested, or certified for:

• Legal redaction or compliance purposes
• GDPR/CCPA personal data protection
• HIPAA compliance or medical record protection
• Legal discovery or court proceedings
• Permanent removal of sensitive information

Customer Responsibilities:

• If privacy protection is required, use dedicated redaction software
• Never rely on blur for legal compliance
• Assume project files always contain original content
• Only share exported videos when privacy is a concern
• Implement separate compliance measures for regulated data

Limitation of Liability: Screen Studio expressly disclaims all liability for any data exposure, privacy breach, or compliance failure resulting from use of blur features for privacy protection purposes.

5. International Data Transfers

5.1. Transfer Mechanisms

For transfers outside the EEA/UK, Screen Studio ensures appropriate safeguards:

• Adequacy decisions where applicable
• Customer consent where appropriate

5.2. Transfer Impact Assessment

Available upon request for enterprise customers

6. Data Subject Rights

6.1. Assistance with Requests

Screen Studio will:

• Promptly notify Customer of any Data Subject request received
• Assist Customer in responding to requests (access, deletion, portability, etc.)
• Not respond directly to Data Subjects unless authorized by Customer

6.2. Tools Available

• Account holders can access and export their data
• Deletion of shared links is possible for the user directly, and available through support request

7. Security Incidents

7.1. Notification

• Screen Studio will notify Customer without undue delay and where feasible within 72 hours of becoming aware of a Security Incident
• Notification will include available information about the incident

7.2. Cooperation

Screen Studio will:

• Investigate the Security Incident
• Take reasonable steps to mitigate effects
• Provide reasonable assistance to Customer
• Document all Security Incidents

8. Compliance

8.1. Demonstrations of Compliance

Screen Studio will provide this data processing agreement for GDPR adherence.

9. Data Retention and Deletion

9.1. Data Deletion

Screen Studio will delete Personal Data upon Customer's instruction:

• Account data: Upon account termination request
• Shared recordings: Upon deletion request

Please note, when deleted, there is not an option to restore.

9.2. Deletion Upon Termination

Upon termination, Screen Studio will:

• Delete or return all Personal Data at Customer's choice
• Provide confirmation of deletion upon request
• Exception: Retention required by law

10. Liability and Indemnification

10.1. Liability Cap

As set forth in the Agreement between the parties

10.2. Indemnification

Each party will defend and indemnify the other against claims arising from its breach of this DPA

11. California Privacy Rights (CCPA)

11.1. Additional Terms for California Personal Information

• Screen Studio is a "Service Provider" as defined by CCPA
• Will not sell California Personal Information
• Will not retain, use, or disclose for any purpose other than providing Services
• Will provide reasonable assistance with Consumer requests

12. General Provisions

12.1. Modification

This DPA may only be modified in writing signed by both parties

12.2. Conflict

In case of conflict between this DPA and the Agreement, this DPA prevails for data protection matters

12.3. Governing Law

As specified in the Agreement

12.4. Severability

If any provision is invalid, the remainder continues in effect

---

Agreement

This DPA is pre-executed by Screen Studio and becomes effective when Customer downloads it from screen.studio/legal. By downloading and using this DPA for compliance purposes, Customer acknowledges and agrees to the terms herein.

Screen Studio has executed this DPA as of September 4, 2025

Dawid Wilewski Screen Studio

Customer Acknowledgment:

Customer's use of this DPA for their compliance needs constitutes acceptance of these terms. No additional signatures are required.

This DPA is available for download at: screen.studio/legal

Appendix 1: Data Processing Description

For Customer Records:

1. Subject Matter: Processing of Personal Data in connection with Screen Studio Services
2. Duration: As specified in Section 2.2
3. Nature and Purpose: As specified in Section 2.2
4. Categories of Data: As specified in Section 2.2
5. Categories of Data Subjects: As specified in Section 2.2
6. Customer Obligations: Ensure lawful basis for Processing, provide necessary notices to Data Subjects
7. Customer Rights: Instructions, data subject request assistance