SeenandCited

SeenAndCited Data Processing Agreement (DPA)

Last Updated: June 2026

Version 1.0

1. Introduction

This Data Processing Agreement ("DPA") forms part of the agreement between the customer ("Controller") and EU Systems Ltd, operator of the SeenAndCited platform ("Processor").

This DPA applies where the Controller uses the SeenAndCited platform and personal data is processed on the Controller's behalf in connection with the Services.

This DPA supplements the SeenAndCited Terms & Conditions and Privacy Policy.

In the event of any conflict between this DPA and the Terms & Conditions, this DPA shall apply to matters relating to personal data processing.

2. Definitions

Controller

The organisation or individual that determines the purposes and means of processing personal data.

For most customers this will be:

  • The business using SeenAndCited.
  • The agency managing client websites.
  • The website owner.

Processor

EU Systems Ltd, acting through the SeenAndCited platform.

Personal Data

Any information relating to an identified or identifiable natural person.

Data Protection Laws

Applicable privacy and data protection laws governing the processing of personal data.

3. Scope Of Processing

SeenAndCited provides services including:

  • AI Visibility Monitoring
  • Citation Tracking
  • Competitor Analysis
  • Technical Website Analysis
  • Content Coverage Analysis
  • Reporting
  • Content Generation
  • Recommendation Generation
  • Workflow Management

Processing activities are limited to those reasonably necessary to provide these services.

4. Nature Of Data Processed

The platform primarily processes:

  • Account information
  • Website information
  • Monitoring configurations
  • Citation data
  • Visibility metrics
  • Reporting data
  • Generated content
  • Team management data

Public Website Content

SeenAndCited may analyse publicly accessible website content for the purpose of:

  • Technical analysis
  • Content coverage scoring
  • Visibility assessment
  • Recommendation generation

The platform is not designed to intentionally collect, extract or store personal information contained within website content.

However, publicly available information may be incidentally processed where it forms part of the analysed content.

5. Special Categories Of Data

SeenAndCited is not intended for the processing of:

  • Health information
  • Biometric information
  • Political opinions
  • Religious beliefs
  • Criminal records
  • Other special categories of personal data

Customers should not intentionally submit such information to the platform.

6. Controller Responsibilities

The Controller is responsible for:

  • Determining the lawful basis for processing.
  • Ensuring appropriate permissions have been obtained.
  • Providing any required notices to data subjects.
  • Ensuring submitted websites and content may legally be analysed through the Service.

Agencies are responsible for obtaining appropriate authorisation from their clients before adding websites to the platform.

7. Processor Responsibilities

SeenAndCited will:

  • Process personal data only as necessary to provide the Services.
  • Maintain reasonable security measures.
  • Restrict access to authorised personnel.
  • Assist with reasonable privacy-related requests where appropriate.
  • Notify customers of significant security incidents where legally required.

8. Security Measures

SeenAndCited maintains technical and organisational measures designed to protect customer information, including:

  • Authenticated account access
  • Role-based permissions
  • Encrypted communications (HTTPS/TLS)
  • Secure cloud infrastructure
  • Access controls
  • Monitoring and logging

No internet-based service can guarantee absolute security.

9. Subprocessors

SeenAndCited may engage trusted subprocessors to deliver the Services.

Current categories of subprocessors include:

Cloud Infrastructure & Data Storage

  • Supabase

Payment Processing

  • Paddle

AI Processing Providers

  • OpenAI
  • Anthropic
  • Google
  • Perplexity
  • DeepSeek

Additional subprocessors may be added from time to time where necessary to operate the platform.

10. International Transfers

Some subprocessors may process data outside the United Kingdom.

Where international transfers occur, SeenAndCited will take reasonable steps to ensure appropriate safeguards are maintained.

11. Data Retention

Customer data is retained only for as long as reasonably necessary to provide the Services and meet legal, operational and security requirements.

Unless deletion is requested:

  • Account data may be retained for up to ninety (90) days following cancellation.

Following the retention period, information may be deleted, anonymised or aggregated.

12. Data Subject Requests

Where a data subject exercises privacy rights directly with SeenAndCited regarding data controlled by a customer, we may:

  • Redirect the request to the Controller.
  • Assist the Controller in responding where reasonably appropriate.

The Controller remains responsible for responding to requests relating to its own processing activities.

13. Security Incidents

In the event of a confirmed security incident affecting personal data under this DPA, SeenAndCited will make reasonable efforts to:

  • Investigate the incident.
  • Mitigate potential harm.
  • Notify affected customers where appropriate and legally required.

14. Audit Requests

Given the nature and scale of the Services, formal audits are not automatically provided.

Customers may submit reasonable written requests regarding security and privacy practices.

SeenAndCited may satisfy such requests through:

  • Documentation
  • Policy disclosures
  • Written responses

where appropriate.

15. Termination

Upon termination of the Services:

  • Customer access will cease in accordance with the Terms & Conditions.
  • Data will be retained in accordance with the Data Retention provisions of the Privacy Policy and this DPA.
  • Customers may request deletion of applicable data where permitted by law.

16. Limitation Of Liability

The liability provisions contained within the SeenAndCited Terms & Conditions shall apply to this DPA.

Nothing in this DPA expands liability beyond the limits specified in the Terms & Conditions.

17. Governing Law

This DPA is governed by the laws of England and Wales.

Any disputes arising from this DPA shall be subject to the exclusive jurisdiction of the courts of England and Wales.

18. Contact

Questions regarding this Data Processing Agreement should be directed to:

administration@seenandcited.online

Correspondence received through this address will be reviewed by management and routed internally as appropriate.

Annex A – Processing Summary

Controller

Customer

Processor

EU Systems Ltd (SeenAndCited)

Processing Purpose

Provision of AI Visibility Monitoring, Citation Tracking, Technical Analysis, Reporting, Content Generation and Related Services.

Categories Of Data

  • Account Data
  • Website Data
  • Monitoring Data
  • Reporting Data
  • Generated Content
  • Team Management Data

Data Subjects

  • Customer Users
  • Agency Users
  • Authorised Team Members

Retention

Up to 90 days following cancellation unless deletion is requested or longer retention is required by law.