Data Processing Addendum

1. Scope and Applicability

This Data Processing Addendum ("DPA") applies to customers using the platform on behalf of a university, research institution, lab, company, or other organization, where NexGen Language Editing, LLC processes content submitted by the customer that contains personal data.

This DPA supplements our Terms of Service and Privacy Policy. In case of conflict regarding personal data processing, this DPA prevails.

2. Definitions

• "Customer" means the entity entering into this agreement on behalf of an organization and using the services.
• "Personal Data" means any data relating to an identified or identifiable natural person submitted by the Customer through the services.
• "Processing" includes any operation performed on Personal Data, including collection, storage, use, transfer, and deletion.
• "Subprocessor" means a third-party data processor engaged by us to deliver the services.

3. Roles

With respect to Personal Data contained in content submitted by the Customer through the platform, the Customer is the data controller and NexGen Language Editing, LLC is the data processor. With respect to account, billing, and security data, we act as an independent controller.

4. Purpose and Scope of Processing

We process Personal Data only as necessary to deliver the editing, translation, review, or other manuscript services requested by the Customer. We do not use Customer content for marketing, advertising, model training, or any purpose beyond service delivery.

5. Subprocessors

Our subprocessors are listed on the Subprocessors page. If we add new subprocessors, we will update that page and provide notice where reasonably practicable.

We maintain data-protection contracts with all subprocessors.

6. Security Measures

We implement appropriate technical and organizational measures to protect Personal Data, including encryption in transit (TLS), access controls, infrastructure security controls, security monitoring, and automated data-retention policies. See our Security page for details.

7. Data Retention and Deletion

Uploaded files and generated results are deleted from active storage within 90 days of order completion. Customers may request early deletion within this period. Order metadata and billing records are retained longer for compliance purposes (up to 7 years).

8. International Transfers

Personal Data may be processed in the United States and Hong Kong. We rely on contractual safeguards with our subprocessors (including Standard Contractual Clauses where applicable) to protect data transferred internationally.

9. Data Subject Rights

If a data subject exercises access, correction, deletion, or other rights with us and the request relates to content submitted by the Customer, we will notify the Customer where reasonably practicable and cooperate with the Customer to fulfill its obligations.

10. Breach Notification

If we confirm a security incident affecting Customer Personal Data, we will notify the Customer within 72 hours of becoming aware (where reasonably feasible) and provide information about the nature, scope, and remediation of the incident.

11. Execution

To obtain a signed copy of this DPA, contact privacy@americanenglishediting.com. We will provide a PDF version for mutual signature.