{"id":79,"date":"2025-11-28T07:59:20","date_gmt":"2025-11-28T14:59:20","guid":{"rendered":"https:\/\/bookamor.com\/?page_id=79"},"modified":"2025-11-28T07:59:20","modified_gmt":"2025-11-28T14:59:20","slug":"dpa","status":"publish","type":"page","link":"https:\/\/bookamor.com\/?page_id=79","title":{"rendered":"DPA"},"content":{"rendered":"\n<div class=\"wp-block-group\">\n\n\t\n\t<h1 class=\"wp-block-heading\">BookAmor \u2013 Data Processing Agreement (DPA)<\/h1>\n\t\n\n\t\n\t<p>This Data Processing Agreement (\u201cAgreement\u201d) forms part of the service arrangement under which a Library (\u201cController\u201d) uses the BookAmor platform. Pronunciator LLC (\u201cProcessor\u201d) provides and operates BookAmor on behalf of the Controller.<\/p>\n\t\n\n\t\n\t<h2 class=\"wp-block-heading\">1. Definitions<\/h2>\n\t\n\n\t\n\t<ul class=\"wp-block-list\">\n\t\t<li><strong>Processor<\/strong>: Pronunciator LLC<\/li>\n\t\t<li><strong>Controller<\/strong>: The library using BookAmor<\/li>\n\t\tli><strong>Personal Data<\/strong>: Any information relating to an identified or identifiable natural person<\/li>\n\t\t<li>Terms not defined here have the meanings set out in the GDPR.<\/li>\n\t<\/ul>\n\t\n\n\t\n\t<h2 class=\"wp-block-heading\">2. Subject Matter, Nature, and Purpose<\/h2>\n\t\n\n\t\n\t<p>The Processor provides a hosted, multi-tenant discovery interface (BookAmor) configured specifically for each Library. The Processor loads library configuration, authentication rules, catalog templates, and usage logging settings based on the Library\u2019s instructions.<\/p>\n\t\n\n\t\n\t<p><strong>Purpose of processing:<\/strong><\/p>\n\t\n\n\t\n\t<ul class=\"wp-block-list\">\n\t\t<li>Providing library-authorized access to BookAmor<\/li>\n\t\t<li>Performing optional IP- or card-based authentication<\/li>\n\t\t<li>Enabling catalog search and recommendations<\/li>\n\t\t<li>Providing anonymous usage statistics to the Library<\/li>\n\t\t<li>Generating text responses for the Ask-AI Reading Aide<\/li>\n\t<\/ul>\n\t\n\n\t\n\t<h2 class=\"wp-block-heading\">3. Categories of Personal Data Processed<\/h2>\n\t\n\n\t\n\t<p>Depending on the Library\u2019s configuration, the following data may be processed:<\/p>\n\t\n\n\t\n\t<h3 class=\"wp-block-heading\">a. Access Information<\/h3>\n\t\n\n\t\n\t<ul class=\"wp-block-list\">\n\t\t<li><strong>IP address<\/strong>, only to determine eligibility when the Library enables IP-based authentication.<\/li>\n\t\t<li><strong>Library-card number<\/strong> at the moment the patron enters it. It is validated against pattern rules and is not stored permanently.<\/li>\n\t\t<li><strong>Opaque authentication tokens<\/strong> (\u201cremember-me\u201d tokens) used to avoid repeated card entry. Tokens do not identify a user.<\/li>\n\t<\/ul>\n\t\n\n\t\n\t<h3 class=\"wp-block-heading\">b. Anonymous Usage Events<\/h3>\n\t\n\n\t\n\t<p>The Processor logs anonymous events so the Library may understand usage of BookAmor. Logged fields include:<\/p>\n\t\n\n\t\n\t<ul class=\"wp-block-list\">\n\t\t<li>Library ID<\/li>\n\t\t<li>Action type (e.g., page view, recommendation request, Ask-AI request, find-in-library click)<\/li>\n\t\t<li>Media type<\/li>\n\t\t<li>Seed title (truncated)<\/li>\n\t\t<li>Access method (\u201cip\u201d, \u201ccard\u201d, or \u201cnone\u201d)<\/li>\n\t\t<li>Timestamp<\/li>\n\t<\/ul>\n\t\n\n\t\n\t<h3 class=\"wp-block-heading\">c. Ask-AI Messages<\/h3>\n\t\n\n\t\n\t<p>The Ask-AI Reading Aide processes only the item title, media type, and the patron\u2019s question. No personal identifiers or tracking data are sent to OpenAI.<\/p>\n\t\n\n\t\n\t<h2 class=\"wp-block-heading\">4. Duration<\/h2>\n\t\n\n\t\n\t<p>Processing continues for as long as the Library uses BookAmor or until the Controller instructs the Processor to delete data.<\/p>\n\t\n\n\t\n\t<h2 class=\"wp-block-heading\">5. Processor Obligations<\/h2>\n\t\n\n\t\n\t<ul class=\"wp-block-list\">\n\t\t<li>Process data only on documented instructions from the Controller.<\/li>\n\t\t<li>Implement appropriate technical and organizational security measures.<\/li>\n\t\t<li>Ensure personnel with access are bound by confidentiality.<\/li>\n\t\t<li>Not engage additional sub-processors without notice, except where necessary for hosting and the Ask-AI endpoint.<\/li>\n\t\t<li>Assist the Controller in fulfilling GDPR obligations where reasonably possible.<\/li>\n\t\t<li>Delete or return personal data upon request or at the end of service, noting that BookAmor normally stores minimal or no personal data.<\/li>\n\t<\/ul>\n\t\n\n\t\n\t<h2 class=\"wp-block-heading\">6. Sub-Processors<\/h2>\n\t\n\n\t\n\t<p>The Controller authorizes the following sub-processors:<\/p>\n\t\n\n\t\n\t<ul class=\"wp-block-list\">\n\t\t<li>Hosting providers used to operate the BookAmor service (United States).<\/li>\n\t\t<li>OpenAI, used solely for generating Ask-AI responses.<\/li>\n\t<\/ul>\n\t\n\n\t\n\t<h2 class=\"wp-block-heading\">7. International Transfers<\/h2>\n\t\n\n\t\n\t<p>The Processor operates in the United States. The Controller acknowledges and consents to data necessary for providing BookAmor being processed in the United States. OpenAI processes text under contractual terms intended to comply with GDPR requirements.<\/p>\n\t\n\n\t\n\t<h2 class=\"wp-block-heading\">8. Controller Obligations<\/h2>\n\t\n\n\t\n\t<p>The Controller is responsible for informing patrons about BookAmor\u2019s operation, selecting appropriate authentication modes, and ensuring the legality of those choices under local rules and policies.<\/p>\n\t\n\n\t\n\t<h2 class=\"wp-block-heading\">9. Security Measures<\/h2>\n\t\n\n\t\n\t<ul class=\"wp-block-list\">\n\t\t<li>Secure session handling<\/li>\n\t\t<li>Secure cookies (httponly, secure, samesite=lax)<\/li>\n\t\t<li>No storage of library-card numbers<\/li>\n\t\t<li>No creation of user accounts or reading histories<\/li>\n\t\t<li>No tracking or analytics cookies<\/li>\n\t\t<li>Database access controls and minimized event logging<\/li>\n\t\t<li>Error logging without personal identifiers<\/li>\n\t<\/ul>\n\t\n\n\t\n\t<h2 class=\"wp-block-heading\">10. Liability<\/h2>\n\t\n\n\t\n\t<p>Each party is responsible for its own compliance with GDPR. The Processor is liable only for processing performed outside the Controll\n<!-- \/wp:post-content --><!-- wp:post-content --><!-- wp:group {\"layout\":{\"type\":\"constrained\"}} -->\n<div class=\"wp-block-group\">\n\n\t<!-- wp:heading {\"level\":1} -->\n\t<h1 class=\"wp-block-heading\">BookAmor \u2013 Data Processing Agreement (DPA)<\/h1>\n\t<!-- \/wp:heading -->\n\n\t<!-- wp:paragraph -->\n\t<p>This Data Processing Agreement (\u201cAgreement\u201d) forms part of the service arrangement under which a Library (\u201cController\u201d) uses the BookAmor platform. Pronunciator LLC (\u201cProcessor\u201d) provides and operates BookAmor on behalf of the Controller.<\/p>\n\t<!-- \/wp:paragraph -->\n\n\t<!-- wp:heading {\"level\":2} -->\n\t<h2 class=\"wp-block-heading\">1. Definitions<\/h2>\n\t<!-- \/wp:heading -->\n\n\t<!-- wp:list -->\n\t<ul>\n\t\t<li><strong>Processor<\/strong>: Pronunciator LLC<\/li>\n\t\t<li><strong>Controller<\/strong>: The library using BookAmor<\/li>\n\t\tli><strong>Personal Data<\/strong>: Any information relating to an identified or identifiable natural person<\/li>\n\t\t<li>Terms not defined here have the meanings set out in the GDPR.<\/li>\n\t<\/ul>\n\t<!-- \/wp:list -->\n\n\t<!-- wp:heading {\"level\":2} -->\n\t<h2 class=\"wp-block-heading\">2. Subject Matter, Nature, and Purpose<\/h2>\n\t<!-- \/wp:heading -->\n\n\t<!-- wp:paragraph -->\n\t<p>The Processor provides a hosted, multi-tenant discovery interface (BookAmor) configured specifically for each Library. The Processor loads library configuration, authentication rules, catalog templates, and usage logging settings based on the Library\u2019s instructions.<\/p>\n\t<!-- \/wp:paragraph -->\n\n\t<!-- wp:paragraph -->\n\t<p><strong>Purpose of processing:<\/strong><\/p>\n\t<!-- \/wp:paragraph -->\n\n\t<!-- wp:list -->\n\t<ul>\n\t\t<li>Providing library-authorized access to BookAmor<\/li>\n\t\t<li>Performing optional IP- or card-based authentication<\/li>\n\t\t<li>Enabling catalog search and recommendations<\/li>\n\t\t<li>Providing anonymous usage statistics to the Library<\/li>\n\t\t<li>Generating text responses for the Ask-AI Reading Aide<\/li>\n\t<\/ul>\n\t<!-- \/wp:list -->\n\n\t<!-- wp:heading {\"level\":2} -->\n\t<h2 class=\"wp-block-heading\">3. Categories of Personal Data Processed<\/h2>\n\t<!-- \/wp:heading -->\n\n\t<!-- wp:paragraph -->\n\t<p>Depending on the Library\u2019s configuration, the following data may be processed:<\/p>\n\t<!-- \/wp:paragraph -->\n\n\t<!-- wp:heading {\"level\":3} -->\n\t<h3 class=\"wp-block-heading\">a. Access Information<\/h3>\n\t<!-- \/wp:heading -->\n\n\t<!-- wp:list -->\n\t<ul>\n\t\t<li><strong>IP address<\/strong>, only to determine eligibility when the Library enables IP-based authentication.<\/li>\n\t\t<li><strong>Library-card number<\/strong> at the moment the patron enters it. It is validated against pattern rules and is not stored permanently.<\/li>\n\t\t<li><strong>Opaque authentication tokens<\/strong> (\u201cremember-me\u201d tokens) used to avoid repeated card entry. Tokens do not identify a user.<\/li>\n\t<\/ul>\n\t<!-- \/wp:list -->\n\n\t<!-- wp:heading {\"level\":3} -->\n\t<h3 class=\"wp-block-heading\">b. Anonymous Usage Events<\/h3>\n\t<!-- \/wp:heading -->\n\n\t<!-- wp:paragraph -->\n\t<p>The Processor logs anonymous events so the Library may understand usage of BookAmor. Logged fields include:<\/p>\n\t<!-- \/wp:paragraph -->\n\n\t<!-- wp:list -->\n\t<ul>\n\t\t<li>Library ID<\/li>\n\t\t<li>Action type (e.g., page view, recommendation request, Ask-AI request, find-in-library click)<\/li>\n\t\t<li>Media type<\/li>\n\t\t<li>Seed title (truncated)<\/li>\n\t\t<li>Access method (\u201cip\u201d, \u201ccard\u201d, or \u201cnone\u201d)<\/li>\n\t\t<li>Timestamp<\/li>\n\t<\/ul>\n\t<!-- \/wp:list -->\n\n\t<!-- wp:heading {\"level\":3} -->\n\t<h3 class=\"wp-block-heading\">c. Ask-AI Messages<\/h3>\n\t<!-- \/wp:heading -->\n\n\t<!-- wp:paragraph -->\n\t<p>The Ask-AI Reading Aide processes only the item title, media type, and the patron\u2019s question. No personal identifiers or tracking data are sent to OpenAI.<\/p>\n\t<!-- \/wp:paragraph -->\n\n\t<!-- wp:heading {\"level\":2} -->\n\t<h2 class=\"wp-block-heading\">4. Duration<\/h2>\n\t<!-- \/wp:heading -->\n\n\t<!-- wp:paragraph -->\n\t<p>Processing continues for as long as the Library uses BookAmor or until the Controller instructs the Processor to delete data.<\/p>\n\t<!-- \/wp:paragraph -->\n\n\t<!-- wp:heading {\"level\":2} -->\n\t<h2 class=\"wp-block-heading\">5. Processor Obligations<\/h2>\n\t<!-- \/wp:heading -->\n\n\t<!-- wp:list -->\n\t<ul>\n\t\t<li>Process data only on documented instructions from the Controller.<\/li>\n\t\t<li>Implement appropriate technical and organizational security measures.<\/li>\n\t\t<li>Ensure personnel with access are bound by confidentiality.<\/li>\n\t\t<li>Not engage additional sub-processors without notice, except where necessary for hosting and the Ask-AI endpoint.<\/li>\n\t\t<li>Assist the Controller in fulfilling GDPR obligations where reasonably possible.<\/li>\n\t\t<li>Delete or return personal data upon request or at the end of service, noting that BookAmor normally stores minimal or no personal data.<\/li>\n\t<\/ul>\n\t<!-- \/wp:list -->\n\n\t<!-- wp:heading {\"level\":2} -->\n\t<h2 class=\"wp-block-heading\">6. Sub-Processors<\/h2>\n\t<!-- \/wp:heading -->\n\n\t<!-- wp:paragraph -->\n\t<p>The Controller authorizes the following sub-processors:<\/p>\n\t<!-- \/wp:paragraph -->\n\n\t<!-- wp:list -->\n\t<ul>\n\t\t<li>Hosting providers used to operate the BookAmor service (United States).<\/li>\n\t\t<li>OpenAI, used solely for generating Ask-AI responses.<\/li>\n\t<\/ul>\n\t<!-- \/wp:list -->\n\n\t<!-- wp:heading {\"level\":2} -->\n\t<h2 class=\"wp-block-heading\">7. International Transfers<\/h2>\n\t<!-- \/wp:heading -->\n\n\t<!-- wp:paragraph -->\n\t<p>The Processor operates in the United States. The Controller acknowledges and consents to data necessary for providing BookAmor being processed in the United States. OpenAI processes text under contractual terms intended to comply with GDPR requirements.<\/p>\n\t<!-- \/wp:paragraph -->\n\n\t<!-- wp:heading {\"level\":2} -->\n\t<h2 class=\"wp-block-heading\">8. Controller Obligations<\/h2>\n\t<!-- \/wp:heading -->\n\n\t<!-- wp:paragraph -->\n\t<p>The Controller is responsible for informing patrons about BookAmor\u2019s operation, selecting appropriate authentication modes, and ensuring the legality of those choices under local rules and policies.<\/p>\n\t<!-- \/wp:paragraph -->\n\n\t<!-- wp:heading {\"level\":2} -->\n\t<h2 class=\"wp-block-heading\">9. Security Measures<\/h2>\n\t<!-- \/wp:heading -->\n\n\t<!-- wp:list -->\n\t<ul>\n\t\t<li>Secure session handling<\/li>\n\t\t<li>Secure cookies (httponly, secure, samesite=lax)<\/li>\n\t\t<li>No storage of library-card numbers<\/li>\n\t\t<li>No creation of user accounts or reading histories<\/li>\n\t\t<li>No tracking or analytics cookies<\/li>\n\t\t<li>Database access controls and minimized event logging<\/li>\n\t\t<li>Error logging without personal identifiers<\/li>\n\t<\/ul>\n\t<!-- \/wp:list -->\n\n\t<!-- wp:heading {\"level\":2} -->\n\t<h2 class=\"wp-block-heading\">10. Liability<\/h2>\n\t<!-- \/wp:heading -->\n\n\t<!-- wp:paragraph -->\n\t<p>Each party is responsible for its own compliance with GDPR. The Processor is liable only for processing performed outside the Controll\n<!-- \/wp:paragraph --><!-- \/wp:group -->","protected":false},"excerpt":{"rendered":"<p>BookAmor \u2013 Data Processing Agreement (DPA) This Data Processing Agreement (\u201cAgreement\u201d) forms part of the service arrangement under which a Library (\u201cController\u201d) uses the BookAmor platform. Pronunciator LLC (\u201cProcessor\u201d) provides and operates BookAmor on behalf of the Controller. 1. Definitions Processor: Pronunciator LLC Controller: The library using BookAmor li>Personal Data: Any information relating to an [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-79","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/bookamor.com\/index.php?rest_route=\/wp\/v2\/pages\/79","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bookamor.com\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/bookamor.com\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/bookamor.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bookamor.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=79"}],"version-history":[{"count":2,"href":"https:\/\/bookamor.com\/index.php?rest_route=\/wp\/v2\/pages\/79\/revisions"}],"predecessor-version":[{"id":81,"href":"https:\/\/bookamor.com\/index.php?rest_route=\/wp\/v2\/pages\/79\/revisions\/81"}],"wp:attachment":[{"href":"https:\/\/bookamor.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=79"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}