Last reviewed: 2026-05-19
Template. This document is a structural placeholder. Replace it with text reviewed by your legal counsel before launch.
This DPA applies where the operator processes personal data on behalf of a business customer (the controller). A signed copy is available to B2B customers on request.
Controller/processor roles, subject matter, duration, nature and purpose of processing, and categories of data subjects go here.
Processing only on documented instructions, confidentiality, security measures, and assistance with data-subject requests.
Authorized sub-processors are listed in the sub-processor list; customers are notified of changes per this DPA.
Breach notification within 72 hours and return/deletion of data on termination. The incident procedure is maintained in an internal runbook.