Data Processing Agreement

Last updated: 11 June 2026

1. Parties

This Data Processing Agreement is between the subscriber identified at account creation ("Controller") and Marcean Ltd (Company No. 13080774, VAT GB388797995, 86-90 Paul Street, London EC2A 4NE) ("Processor").

2. Scope and purpose

The Processor provides re:schema — an AI business identity platform. The nature of processing is limited to what is strictly necessary to deliver this service. The Controller's website may contain personal data (e.g., employee names in page content). The Processor is designed to minimise exposure to such data through the following technical safeguards:

  • Script tag identifies AI crawlers by known user-agent string at the network edge; raw request data is never stored
  • Content drift detection uses SHA-256 content hashes, not stored content
  • No cookies, tracking, or session recording
  • Crawler intelligence reports aggregate anonymised bot-type counts only

3. Duration

This DPA applies for the duration of the Controller's subscription. Upon termination, the Processor deletes all Controller data within 90 days.

4. Categories of data subjects

Visitors to the Controller's website. Given the technical safeguards above, personal data is not intentionally collected or stored.

5. Controller obligations

The Controller warrants that it has obtained all necessary consents and has a lawful basis for any personal data present on its website. The Controller is responsible for responding to data subject requests.

6. Processor obligations

The Processor shall:

  • Process personal data only on documented instructions from the Controller
  • Ensure personnel processing personal data are subject to confidentiality
  • Implement appropriate technical and organisational measures (TLS 1.3, edge-level filtering, hash-based drift detection)
  • Notify the Controller without undue delay upon becoming aware of a personal data breach
  • Delete all Controller data within 90 days of termination

7. Sub-processors

The Controller authorises the following sub-processors:

  • Cloudflare, Inc. — hosting, CDN, edge computing (US/global)
  • Resend, Inc. — transactional email delivery (US)
  • Stripe, Inc. — payment processing (US/global)

8. Governing law

This DPA is governed by the laws of England and Wales. Any disputes shall be subject to the exclusive jurisdiction of the English courts.

9. Acceptance

By subscribing to re:schema, the Controller accepts this Data Processing Agreement. A signed copy is available on request via hello@reschema.org.