This Data Processing Agreement ("DPA") forms part of the Terms of Service between
Metapher Media Labs ("Metapher", "Processor", "Service Provider", "we", "our", or "us") and the entity or individual using Metapher's services ("Customer", "Controller", or "Business").
This DPA governs the processing of personal data in connection with the use of Metapher's software platforms and services, including but not limited to:
Magpiie (video production management and collaboration software)
Creator workflow platforms
Digital content management tools
SaaS infrastructure operated by Metapher Media Labs
This agreement ensures compliance with:
General Data Protection Regulation (GDPR)
California Consumer Privacy Act (CCPA)
California Privacy Rights Act (CPRA)
Applicable international data protection laws
By using Metapher's services, the Customer agrees to this Data Processing Agreement.
Last Updated: March 13, 2026
1. Definitions
For the purposes of this DPA:
Controller – The entity that determines the purposes and means of processing personal data.
Processor – An entity that processes personal data on behalf of the Controller.
Data Subject – An identifiable individual whose personal data is processed.
Personal Data – Any information relating to an identified or identifiable natural person.
Processing – Any operation performed on personal data including collection, storage, use, disclosure, or deletion.
Sub-processor – A third party engaged by the Processor to process personal data on behalf of the Controller.
Applicable Data Protection Laws – Includes GDPR, CCPA, CPRA, and other applicable privacy regulations.
2. Roles of the Parties
For the purposes of this DPA:
The Customer acts as the Data Controller or Business.
Metapher Media Labs acts as the Data Processor or Service Provider.
Metapher processes personal data only on behalf of and under the instructions of the Customer.
3. Scope of Processing
Metapher processes personal data only to the extent necessary to provide its SaaS services. Processing activities may include:
Storing user-generated content
Enabling collaboration within software platforms
Managing project workflows
Authentication and user account management
Technical support and troubleshooting
Service security and monitoring
Metapher does not process personal data for advertising or unrelated purposes.
4. Categories of Data Processed
Depending on the services used, the following types of personal data may be processed:
Account Information – Name, email address, username, organization name, and login credentials.
Operational Data – Project data, workflow data, collaboration information, and uploaded files and content.
Technical Data – IP address, device identifiers, browser metadata, and usage logs.
Communication Data – Messages, support requests, and feedback submissions.
Metapher processes only the minimum personal data necessary to deliver its services.
5. Categories of Data Subjects
Personal data processed under this DPA may relate to:
Customers using Metapher services
Employees or contractors of the Customer
Collaborators invited into software platforms
End users interacting with customer content
6. Processing Instructions
Metapher shall process personal data only in accordance with documented instructions from the Customer, including:
Providing SaaS functionality
Storing user content
Performing technical maintenance
Providing customer support
If Metapher is required to process personal data by law, it will notify the Customer unless legally prohibited.
7. Confidentiality Obligations
Metapher ensures that all personnel authorized to process personal data are bound by confidentiality obligations, receive appropriate data protection training, and access personal data only when necessary for service delivery.
8. Security Measures
Metapher implements appropriate technical and organizational security measures to protect personal data.
Technical Safeguards:
SSL / TLS encryption
Secure cloud infrastructure
Access control mechanisms
Encrypted data transmission
System monitoring and logging
Organizational Safeguards:
Role-based access control
Internal security policies
Employee confidentiality agreements
Data protection procedures
Security measures are regularly reviewed and updated.
9. Sub-processors
Metapher may engage trusted third-party service providers ("Sub-processors") to support service delivery. Examples of sub-processors may include:
Cloud hosting providers
Analytics services
Email infrastructure providers
Payment processors such as Razorpay, PayPal, and Payoneer
All sub-processors are required to maintain appropriate data protection safeguards. Metapher ensures that sub-processors process data only for specified purposes, maintain confidentiality, and comply with applicable data protection laws.
10. International Data Transfers
Metapher operates globally and personal data may be transferred to countries outside the Customer's jurisdiction. Where transfers occur outside the European Economic Area (EEA), Metapher ensures appropriate safeguards including:
Standard Contractual Clauses (SCCs)
Secure infrastructure
Contractual protections with service providers
11. Data Subject Rights
Metapher assists Customers in fulfilling obligations related to data subject rights, including:
Access requests
Rectification requests
Deletion requests
Data portability requests
Objection to processing
If Metapher receives a request directly from a data subject, it will notify the Customer unless prohibited by law.
12. Data Breach Notification
In the event of a personal data breach, Metapher will notify the Customer without undue delay, provide available information regarding the breach, cooperate in mitigating risks, and support regulatory notification requirements.
Notifications will include:
Nature of the breach
Categories of affected data
Likely consequences
Remediation actions taken
13. Data Retention and Deletion
Metapher retains personal data only as long as necessary to provide services. Upon termination of services:
The Customer may request data export.
Personal data will be securely deleted after a reasonable retention period unless required by law.
Customers may request deletion at any time by contacting support.
14. Audits and Compliance
Metapher will make reasonable information available to demonstrate compliance with this DPA. Customers may request information regarding:
Security practices
Data protection policies
Sub-processor safeguards
Formal audits may be conducted where required by law or enterprise agreements.
15. CCPA / CPRA Compliance
For purposes of the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), Metapher acts as a Service Provider and processes personal data only to provide services requested by the Customer. Metapher does not sell personal information.
Metapher agrees not to:
Retain personal data beyond business purposes
Use personal data for unrelated commercial purposes
Disclose personal data except as required to deliver services
16. Liability
Each party's liability under this DPA is subject to the limitations defined in the Terms of Service between the parties. Neither party shall be liable for indirect or consequential damages except where required by law.
17. Term and Termination
This DPA remains in effect for as long as Metapher processes personal data on behalf of the Customer. Termination of the main service agreement automatically terminates this DPA. Certain obligations such as confidentiality and data protection responsibilities survive termination.
18. Changes to This Agreement
Metapher may update this DPA periodically to reflect legal developments, regulatory updates, or operational changes. The latest version will be available on this page with the updated effective date. Continued use of services constitutes acceptance of the updated DPA.
19. Governing Law
This DPA shall be governed by the laws specified in the Metapher Terms of Service, unless otherwise required by applicable data protection laws.
20. Contact Information
For questions regarding this Data Processing Agreement, contact:
