Data Processing Agreement (template)

Executed Data Processing Agreements (DPAs) are issued as PDF or DocuSign envelopes after your SaaS workspace or Enterprise procurement team completes vendor diligence.

The downloadable scaffold below summarizes Article 28-style obligations (instructions, secrecy, subprocessors, assistance, breaches, deletes) so security reviewers can anticipate exhibit structure—**replace it with countersigned artefacts** supplied by Sentink Legal.

Need custom SCC tables, HIPAA BAAs in hybrid contexts, GCC residency riders, Schrems II TIA excerpts, penetration-test sharing letters, escrow riders, cryptographic control matrices, DPIA coop clauses, supervisory liaison hotlines… **still start with [email protected]** orchestrating coherent packaging.

Structural commitments preview

Processor processes personal data solely on documented instructions.
Subprocessors only per notice windows or permitted emergency carve-outs.
Deletes / returns staged per cessation schedules subject to lawful retention freezes.
Cooperation artefacts for supervisory inquiries when Sentink qualifies as processor for your programme data.
Incident choreography aligned with GDPR Articles 33/34 interplay clauses you negotiate.
SOC 2 Type II roadmap targets **Q4 2026**; ISO 27001 targets **Q1 2027**—marketing remains non-certification language until attestations publish officially.
Optional AI Annex describing inference boundaries, DPIA coop, no-training reaffirmations, human oversight.

Use the Markdown overview to brief counsel ahead of signatures.

File: sentink-dpa-template.md • UTF-8 text suitable for CIO / DPO previews — not substitute for bespoke counsel-reviewed contracts.

Download Markdown scaffold (.md)

For executed paperwork: [email protected] (routing) • [email protected] • [email protected] escalate when supervisory letters arrive.