Skip to content
PrescenePrescene
PricingFeaturesBlogFAQ
Sign inGet started
PricingFeaturesBlogFAQ
Sign inGet started

PRESCENE DATA PROCESSING ADDENDUM

Effective: January 1, 2026

This Data Processing Addendum ("DPA") supplements, and is incorporated into, the Prescene Terms of Service ("Agreement") governing use of the Services and is entered as of the Effective Date between the customer identified in the applicable Order Form or account registration ("Customer") and AI Labs, Inc. d/b/a Prescene, on its behalf and on behalf of its Affiliates, as appropriate ("Prescene"). Capitalized terms not defined in the DPA have the meanings provided in the Agreement. In this DPA, Prescene and Customer are each referred to as a "Party" and collectively as the "Parties." Customer represents it is lawfully able to enter into this Agreement and, if it is entering into the Agreement for an entity, that it has legal authority to bind that entity. By clicking "I agree," accepting the Order Form, or using the Services, Customer agrees to this Agreement.

1. Details

1.1 Scope and Roles

As part of providing the Services to the Customer under the Agreement, Prescene may Process Customer Data on behalf of Customer. Prescene acts as a Data Processor on the Customer's behalf, and this DPA governs such Processing.

1.2 Details of Processing

Prescene will only Process Customer Data for the purposes of delivering the Services to Customer pursuant to the Agreement and this DPA. Details regarding the nature, duration, as well as the types of Customer Data and categories of Data Subjects involved, are set out in Schedule 1 (Details of Processing) to this DPA. Prescene and Customer each agree to comply with their respective obligations under Data Protection Laws in connection with the Services.

2. Prescene Obligations

2.1 Customer Instructions

The Parties agree that this DPA, the Agreement (including any Order Form), and any instructions provided via the configuration tools and other tools within the Services made available by Prescene within the Services, constitute Customer's documented instructions regarding Prescene's processing of Customer Data ("Customer Instructions"). Prescene will process Customer Data only in accordance with Customer Instructions, unless required to do so by applicable law to which Prescene is subject, in which case Prescene will inform Customer of this requirement prior to processing unless legally prohibited from doing so.

2.2 Notices to Customer

Prescene will promptly inform Customer in writing if, in Prescene's opinion, a Customer Instruction violates Data Protection Laws. Prescene will, to the extent legally permitted, inform Customer if Prescene receives a legally binding request for disclosure of Customer Data by a law enforcement authority.

2.3 Confidentiality

Prescene will ensure that all persons authorized by Prescene to process Customer Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

2.4 Data Subject Requests

Prescene will, to the extent legally permitted, inform Customer if Prescene receives a request to exercise data subject rights pursuant to Data Protection Laws ("Data Subject Request") in respect of Customer Data. Prescene will not respond to any such request without Customer's prior written authorization, except that Customer authorizes Prescene to redirect Data Subject Requests as necessary to allow Customer to respond directly. Taking into account the nature of the processing, Prescene will assist Customer by implementing appropriate technical and organizational measures, in so far as this is possible, to allow Customer to respond to Data Subject Requests.

2.5 Security

Prescene will implement and maintain reasonable and appropriate organizational and technical security measures to protect Customer Data, as set forth in the Agreement.

2.6 Assistance to Customer

Prescene will, taking into account the nature of the processing and the information available to Prescene, provide reasonable assistance to Customer to help Customer comply with its obligations under Data Protection Laws including, where appropriate, the preparation of data protection impact assessments with respect to Prescene's processing of Customer Data and, where necessary, the Customer consulting with a supervisory authority with jurisdiction over such processing, if such consultation is required by Data Protection Laws.

2.7 Personal Data Breaches

Prescene will notify Customer without undue delay after becoming aware of any Personal Data Breach. Prescene will provide reasonable assistance to Customer to help Customer comply with its obligations under Data Protection Laws in respect of such Personal Data Breach.

2.8 Assessing Compliance

Prescene will, on Customer's reasonable written request and to the extent required by Data Protection Laws: (i) no more than once per year, provide Customer with Prescene's privacy and security policies and other such information necessary to demonstrate compliance with Prescene's obligations under this DPA; and (ii) provided that the Parties have an appropriate confidentiality agreement in place, allow for and contribute to audits or inspections by, or on behalf of, Customer at Customer's sole expense. Such audit or inspection must be: (A) conducted in a manner that is minimally disruptive to Prescene's business; (B) necessary to confirm that Prescene is processing Customer Data in a manner consistent with this DPA; and (C) occur no more than once per year. Where permitted by Data Protection Laws, Prescene may instead make available to Customer a summary of the Audit Reports relevant to Prescene's compliance with this DPA. Such results and documentation, including the results of any audits or inspections, shall be the Confidential Information of Prescene.

2.9 Engagement of Sub-processors

Customer hereby provides a general authorization to Prescene to engage the Sub-Processors listed in the Sub-Processor List to process Customer Data in connection with the Services. For clarity, the Sub-Processor List covers Sub-Processors engaged to process Customer Data as defined in this DPA. Prescene will notify Customer of any changes to the Sub-Processor List via blog post, notification within the Services or other reasonable means, or via email if Customer subscribes to email notifications. Customer may object to the use of such additional Sub-processor within 30 days of receiving notice of the change by contacting hello@prescene.ai. In such case, Prescene will work with Customer to address its concerns and offer commercially reasonable alternatives or solutions. If none of the alternatives or solutions are commercially feasible, in Prescene's reasonable judgment, or if the objections have not been resolved to the satisfaction of the Parties within 30 days of Prescene's receipt of Customer's objection notice, then either Party may terminate the Agreement or any Order Forms or usage regarding the Services that cannot be provided without the use of the new Sub-Processor. Any refund will be determined in accordance with the termination provisions of the Agreement.

2.10 Sub-processor Obligations

Prescene shall enter into contractual arrangements with each Sub-Processor that imposes on them obligations comparable to those imposed on Prescene under this DPA. Subject to the limitations of liability included in the Agreement, Prescene will remain liable for the acts and omissions of its Sub-Processors to the same extent Prescene would be liable under this DPA if it performed such acts or omissions itself.

2.11 Data Return or Deletion

Following expiry or termination of the Agreement, Prescene will, at Customer's instruction, return or delete Customer Data, and existing copies unless retention of Customer Data is required under applicable laws, in which case Prescene will isolate and protect it from any further processing except to the extent required by applicable laws.

3. Customer Obligations

3.1 Notices and Authorizations

Customer represents, warrants and covenants that it has provided all necessary notices, and has and shall maintain throughout the Term all necessary rights, consents and authorizations, to the extent required under Data Protection Laws, to provide the Customer Data to Prescene and to authorize Prescene to process Customer Data in connection with the Agreement, including this DPA.

3.2 Cooperation

Customer shall reasonably cooperate with Prescene to assist Prescene in performing any of its obligations under applicable Data Protection Laws.

3.3 Configurations

Without prejudice to Prescene's security obligations in Section 2.5 of this DPA, Customer acknowledges and agrees that it is responsible for certain configurations and design decisions for the Services and for implementing such configurations and design decisions (e.g., retention periods, deletion, etc.) in a manner that complies with applicable Data Protection Laws.

4. International Data Transfers

4.1 EEA and Swiss Data

Customer Data processed by Prescene under this DPA may fall within the scope of the Data Protection Laws of the European Economic Area or Switzerland ("EEA and Swiss Data"). Prescene will process any EEA and Swiss Data in compliance with this DPA. To the extent Prescene transfers EEA and Swiss Data to Affiliates or third parties outside the European Economic Area or Switzerland to provide the Services, it will do so on the basis of agreements containing SCCs that ensure appropriate safeguards for the protection of Customer Data are in place or an adequacy decision issued by the European Commission under Article 45 GDPR.

4.2 UK Data

Customer Data processed by Prescene under this DPA may fall within the scope of the Data Protection Laws of the United Kingdom ("UK Data"). Prescene will process any UK Data in compliance with this DPA and with the SCCs as amended by the UK Addendum, which are deemed entered into (and incorporated into this DPA by this reference) and completed as described in Schedule 1.

5. Further Requirements

To the extent U.S. Privacy Laws apply:

5.1 Prescene Commitments

Prescene agrees to:

  • (a) Not provide Customer with monetary or other valuable consideration in exchange for Customer Data from Customer. The parties acknowledge and agree that Customer has not "sold" (as such term is defined by U.S. Privacy Laws) Customer Data to Prescene;
  • (b) Not "sell" (as such term is defined by U.S. Privacy Laws) or "share" (as such term is defined by the CCPA) Personal Data;
  • (c) To the extent that Customer permits or instructs Prescene to process Customer Data subject to U.S. Privacy Laws in a de-identified form as part of the Services, Prescene shall (i) adopt reasonable measures to prevent such deidentified data from being used to infer information about, or otherwise being linked to, a particular natural person or household; (ii) publicly commit to maintain and use such deidentified data in that form and not attempt to re-identify the information, except as may be permitted by U.S. Privacy Laws; and (iii) before sharing de-identified data with any other party, including Sub-Processors, contractually obligate any such recipients to comply with the requirements of this provision;
  • (d) Where the Customer Data is subject to the CCPA: (i) not retain, use, disclose, or otherwise process Customer Data except as necessary for the business purposes specified in the Agreement, including without limitation as set out in Schedule 1 of this DPA; (ii) not retain, use, disclose, or otherwise process Customer Data in any manner outside of the direct business relationship between Prescene and Customer; (iii) not combine any Customer Data with Personal Data that Prescene receives from or on behalf of any other third party or collects from Prescene's own interactions with individuals, provided that Prescene may so combine Customer Data for a purpose permitted under the CCPA if directed to do so by Customer or as otherwise permitted by the CCPA; (iv) notify Customer without undue delay if Prescene determines that it can no longer meet its obligations under the CCPA; and (v) if Customer reasonably believes that Prescene's Processing of Customer Data is not consistent with the requirements of the CCPA and upon Customer's reasonable notification of the same to Prescene, the Parties will work together in good faith to remedy the issue, or, if after working together Customer reasonably determines that the issue cannot be remedied, Prescene will stop Processing the affected Customer Data upon written instruction from Customer.

5.2 Customer Commitments

Customer agrees to not take any action that would (a) render the provision of Customer Data to Prescene a "sale" under U.S. Privacy Laws or a "share" under the CCPA (or equivalent concepts under U.S. Privacy Laws); or (b) render Prescene not a "service provider" under the CCPA or "processor" under U.S. Privacy Laws.

6. Definitions

"Customer Data" means Personal Data processed by Prescene as a Processor on behalf of Customer to provide the Services. Customer Data does not include personal data that Prescene processes as a Controller, such as billing and account administration data (e.g., billing contact details, invoicing metadata, and payment/transaction records), which is governed by Prescene's Privacy Policy.

"Data Controller" has the meaning assigned to the term "controller" (or another analogous term) under Data Protection Laws.

"Data Processor" has the meaning assigned to the term "processor" (or another analogous term) under Data Protection Laws.

"Data Protection Laws" means data privacy and data protection laws applicable to Prescene's processing of Customer Data in connection with the Services.

"Data Subject" has the meaning assigned to the term "data subject" (or another analogous term) under Data Protection Laws.

"GDPR" means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.

"Personal Data" has the meaning assigned to the term "personal data" or "personal information" (or another analogous term) under Data Protection Laws.

"Personal Data Breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Data stored, transmitted or otherwise processed by Prescene, its Sub-Processors, or any other third parties acting on Prescene's behalf.

"Processing" has the meaning assigned to the term "processing" (or another analogous term) under Data Protection Laws.

"SCCs" means the standard contractual clauses for the transfer of personal data to third countries adopted by the EU Commission on June 4, 2021 (as may be amended, updated or replaced from time to time).

"Sub-Processors" means the sub-processors engaged by Prescene to process Customer Data in connection with the Services, listed in the Sub-Processor List.

"UK Addendum" means the UK addendum to the EU SCCs issued by the Information Commissioner under section 119A(1) of the Data Protection Act 2018.

"U.S. Privacy Laws" means the subset of Data Protection Laws applicable to residents of the United States, including without limitation the California Consumer Privacy Act ("CCPA").

Schedule 1: Details of Processing

1. Nature and Purpose

The performance of the Services under the Agreement, including but not limited to AI-powered script analysis, story intelligence, script coverage, character breakdowns, and production-ready feedback for film and television content.

2. Duration

The Term and such time required thereafter for the Parties to perform their applicable obligations following the end of the Term, including data deletion.

3. Categories of Customer Data

Customer may submit Personal Data to the Services, the categories of which will depend upon Customer's use of the Services which is determined and controlled by Customer in its sole discretion, but it may include, but is not limited to:

  • Names and contact information
  • Account credentials
  • Script and screenplay content uploaded for analysis (which may contain character names, dialogue, and narrative content)
  • Usage data and preferences
  • Any other information provided by Customer or End Users in unstructured data

4. Categories of Data Subjects

The data subjects may include, but are not limited to Customer's employees, customers, collaborators, and generally End Users of the Services.

5. Sensitive Data Transferred (if applicable)

No sensitive data is intended to be transferred unless the user includes it unexpectedly in unstructured data such as screenplay content. Prescene implements appropriate safeguards including strict purpose limitation, access restrictions, and security measures for any sensitive data that may be included in Customer Data.

6. Frequency

Continuous basis depending on Customer's use of the Services.

7. Transfers to Sub-Processors

As per Article 2.9 of the DPA, Sub-Processors will Process Customer Data as necessary to perform the Services. Such Processing will be for the duration of the Agreement, unless otherwise agreed in writing. The current list of Sub-Processors is available at prescene.ai/legal/subprocessors.

8. SCCs Information for the Transfer of UK Data

8.1 Module Two (Controller to Processor) of the SCCs apply when Customer is a Data Controller and Prescene is processing Customer Data as a Data Processor. Module Three (Processor to Sub-Processor) of the SCCs apply when Customer is a Data Processor and Prescene is processing Customer Data as a sub-processor.

8.2 For each module of the SCCs, where applicable, the following applies: (i) The optional docking clause in Clause 7 does not apply; (ii) In Clause 9, Option 2 (general written authorization) applies, and the minimum time period for prior notice of sub-processor changes shall be as set forth in Section 2.9 of the DPA; (iii) In Clause 11, the optional language does not apply; (iv) All square brackets in Clause 13 are hereby removed; (v) In Clause 17 (Option 1), the SCCs will be governed by the laws of England and Wales; (vi) In Clause 18(b), disputes will be resolved before the courts of England and Wales; (vii) This Schedule 1 contains the information required in Annex I and Annex III of the SCCs; (viii) Section 2.5 (Security) of the DPA contains the information required in Annex II of the SCCs; (ix) the competent supervisory authority is the Information Commissioner's Office ("ICO").

8.3 Data exporter(s): the Customer under the Agreement; Data importer(s): AI Labs, Inc. d/b/a Prescene, 1614 W 9th 1/2 Street, Austin, Texas 78703, Privacy Contact: hello@prescene.ai.

Contact

For questions regarding this DPA, please contact us at hello@prescene.ai.

© 2025 AI Labs, Inc. All Rights Reserved.

PrescenePrescene

Story intelligence for film and TV. Get professional-quality analysis on your screenplay in minutes, not weeks.

Product

  • Features
  • Pricing
  • Blog
  • FAQ

Company

  • Careers
  • Security

Legal

  • Privacy
  • Terms

Get Started

Get startedBook a demo

© 2025 AI Labs, Inc. All rights reserved.