Data Processing Agreement

    This Data Processing Agreement ("DPA") forms part of the agreement between Everlit Inc. ("Everlit", "Processor") and the entity agreeing to these terms ("Customer", "Controller") for the provision of Everlit's services.

    1. Definitions

    • "Personal Data" means any information relating to an identified or identifiable natural person that is processed by Everlit on behalf of Customer in connection with the services.
    • "Processing" means any operation or set of operations performed on Personal Data, including collection, recording, storage, adaptation, retrieval, use, disclosure, or deletion.
    • "Data Subject" means an identified or identifiable natural person to whom Personal Data relates.
    • "Sub-processor" means any third party engaged by Everlit to process Personal Data on behalf of Customer.
    • "Data Protection Laws" means all applicable laws relating to the processing of Personal Data, including the General Data Protection Regulation (EU 2016/679) ("GDPR"), the California Consumer Privacy Act ("CCPA"), and any other applicable privacy legislation.

    2. Scope and Purpose of Processing

    Everlit processes Personal Data solely for the purpose of providing its text-to-audio platform services as described in the applicable service agreement. This includes:

    • Converting written content to audio using AI voice synthesis
    • Distributing audio content to podcast platforms
    • Providing analytics on content engagement
    • Managing user accounts and authentication
    • Processing payments for subscription services

    3. Obligations of the Processor

    Everlit shall:

    1. Process Personal Data only on documented instructions from the Controller, unless required to do so by applicable law.
    2. Ensure that persons authorized to process Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
    3. Implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk of processing.
    4. Not engage another processor without prior specific or general written authorization of the Controller.
    5. Assist the Controller in ensuring compliance with obligations related to security of processing, data breach notification, data protection impact assessments, and prior consultation.
    6. At the choice of the Controller, delete or return all Personal Data after the end of the provision of services, and delete existing copies unless required by applicable law.
    7. Make available to the Controller all information necessary to demonstrate compliance with the obligations laid down in this DPA.

    4. Data Subject Rights

    Everlit shall assist the Controller in responding to requests from Data Subjects exercising their rights under Data Protection Laws, including rights of access, rectification, erasure, restriction of processing, data portability, and objection. Everlit will promptly notify the Controller of any request received directly from a Data Subject and will not respond to such request without the Controller's prior authorization unless required by law.

    5. Sub-processors

    Everlit maintains an up-to-date list of sub-processors, available upon request by contacting privacy@everlit.audio.

    Everlit shall impose data protection obligations on any sub-processor it engages that are no less protective than those set out in this DPA. Everlit remains liable for the acts and omissions of its sub-processors.

    6. Data Security

    Everlit implements and maintains appropriate technical and organizational security measures, including:

    • Encryption of Personal Data in transit and at rest
    • Access controls and authentication mechanisms
    • Regular security assessments and vulnerability testing
    • Employee security awareness training
    • Incident response and business continuity procedures

    7. Data Breach Notification

    Everlit shall notify the Controller without undue delay, and in any event within 72 hours, after becoming aware of a personal data breach. Such notification shall include the nature of the breach, the categories and approximate number of Data Subjects and records concerned, the likely consequences, and the measures taken or proposed to address the breach.

    8. Data Deletion and Return

    Upon termination of the service agreement, Everlit shall, at the Controller's election, delete or return all Personal Data processed on behalf of the Controller. Everlit shall certify deletion upon request unless retention is required by applicable law, in which case Everlit shall isolate and protect such data from further processing.

    9. Audit Rights

    Everlit shall make available to the Controller all information reasonably necessary to demonstrate compliance with this DPA and shall allow for and contribute to audits, including inspections, conducted by the Controller or an auditor mandated by the Controller. Such audits shall be conducted with reasonable prior notice and shall not unreasonably interfere with Everlit's business operations.

    10. Cross-Border Transfers

    Everlit processes data primarily in the United States. Where Personal Data is transferred outside the European Economic Area (EEA), Everlit shall ensure that appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission or other lawful transfer mechanisms as required by Data Protection Laws.

    11. Contact

    For questions about this DPA or to exercise any rights described herein, please contact:

    Everlit Inc.

    2219 Main St, #654

    Santa Monica, CA 90405

    Email: privacy@everlit.audio

    Last updated: March 2, 2026

    Ready to Get Started with Everlit?

    Enter your email or feel free to email us at
    hello@everlit.audio