Enterprise
Data Processing Agreement
This page describes the basis on which PerfectPaper processes personal data on behalf of organizations that use our platform. A formal DPA is available on request.
Roles
Your organization (the "Controller") determines the purposes and means of processing personal data. PerfectPaper (the "Processor") processes personal data only on your behalf and under your documented instructions.
What we process
On behalf of your organization we process the content of uploaded manuscripts and the personal data of your organization's members (name, email address, and account activity) solely to provide the PerfectPaper review service.
Subprocessors
A current list of subprocessors is available on our subprocessors page . We will notify you at least 30 days before adding or replacing a subprocessor.
Security
We implement technical and organizational measures appropriate to the risk, including encryption in transit (TLS) and at rest, access controls, and regular security reviews. See our security page for details.
International transfers
Where personal data is transferred outside the EEA or UK, the transfer is protected by the EU Standard Contractual Clauses (SCCs) or the UK International Data Transfer Agreement (IDTA), as applicable.
Retention and deletion
We retain personal data only as long as required to provide the service or comply with applicable law. Members may delete their data at any time via the account settings. Organization owners may request bulk deletion by contacting us.
Data subject rights
We will assist you in fulfilling data subject rights requests (access, correction, erasure, portability) within the timeframes required by law. Requests may be submitted via our rights request form .
Request a DPA
Enterprise customers may request a signed DPA. Contact us at [email protected] with your organization name and the email address of your authorized signatory.