Data Processing Agreement
Status: Draft. Signable PDF target Q3-2026.
0dai is preparing a Data Processing Agreement covering the controller-processor relationship under GDPR Article 28 and the equivalent provisions of the UK GDPR. The agreement will cover sub-processor disclosure, data-subject request handling, security measures, breach notification timing, audit cooperation, and international transfer mechanisms.
What you can do today
Procurement reviewers needing a DPA before the published version should email hello@0dai.dev with the contracting entity, jurisdiction, and the data categories you process. We send a redlined draft within two business days.
References while the DPA is in draft
- Security — data flow, retention in days, and the sub-processor list this DPA will incorporate by reference.
- Trust Center — controls posture, vulnerability disclosure, and SOC 2 progress.
- Privacy Policy — what we collect, why, and your rights.
- Terms — service terms, acceptable use, and billing.
Sub-processor change notice
Customers on the Pro and Team plans receive at least 14 days' email notice before a new sub-processor that touches customer data is added. The current list is on the Security page.