Data Processing Agreement

A Data Processing Agreement (DPA) is required under GDPR Article 28 when an organization (Controller) engages a service provider (Processor) to process personal data on their behalf.

When Do You Need a DPA?

You may need a DPA if your organization:

  • Is based in the EU/EEA or processes personal data of EU residents
  • Uses our platform to manage email signatures containing employee personal data
  • Enables email tracking features that collect recipient data
  • Is required by your own data protection policies to have DPAs with service providers

Download DPA Template

Download our standard DPA template for review

Our standard DPA covers:

  • GDPR Article 28 requirements
  • Sub-processor list
  • Technical & organizational measures
  • Data breach notification
  • International transfers (SCCs)

Request Custom DPA

Need custom terms or a signed copy?

Contact us if you need:

  • A countersigned DPA
  • Custom terms or amendments
  • Additional security documentation
  • Vendor security questionnaire completion

Current Sub-processors

Third-party services that process data on our behalf

ProviderPurposeLocation
ClerkAuthenticationUnited States
HetznerCloud hostingEU (Germany)
CloudflareCDN, file storage (R2)Global / EU
NeonDatabase hostingEU (Frankfurt)
PostHogProduct analyticsEU (Frankfurt)
PolarBilling & subscriptionsEU
ResendTransactional emailUnited States

For the complete list, see our Privacy Policy.

Questions?

Contact us at help@signkit.io for any DPA-related inquiries.