Data Processing Agreement
Our DPA covers all GDPR Article 28 requirements and is pre-signed by VulpaSoft. Download it, countersign, and keep it in your records.
What's included
- Subject matter and duration of processing
- Nature and purpose of processing
- Type of personal data and categories of data subjects
- Controller and processor obligations
- Technical and organizational security measures
- Sub-processor list with EU locations
- Data breach notification procedures
- Data return and deletion upon termination
- Audit rights
Sub-processors
All VulpaSoft sub-processors are EU-based. The complete list is included in the DPA and updated when changes occur. Current sub-processors:
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Database & auth | Frankfurt, DE |
| Tinybird | Event analytics | Frankfurt, DE |
| Upstash | Cache & queues | Frankfurt, DE |
| Vercel | Application hosting | Frankfurt, DE |
| Stripe | Payment processing | EU |
Questions?
For DPA-related questions, contact our DPO at dpo@vulpasoft.com or our legal team at legal@vulpasoft.com.