Data Processing Addendum (DPA).

Our standard DPA covers GDPR Article 28 obligations, sub-processor commitments, and security measures. We can countersign within two business days.

What it covers

• Roles & obligations (controller / processor)
• Sub-processor list (Supabase, Stripe, model providers, hosting)
• Technical & organisational security measures
• International transfer mechanisms (SCCs)
• Breach notification timelines
• Data subject rights handling