Skip to content
EmailMate
Log inGet Started
Draft. This is a pre-launch draft. Final DPA reviewed by counsel before countersigning.

Data Processing Addendum

Last updated: 2026-04-14

Overview

When you use EmailMate to process personal data of EU/UK residents, you act as the “data controller” and EmailMate acts as the “data processor” under the GDPR. Our Data Processing Addendum formalizes this relationship and satisfies GDPR Article 28 requirements.

What the DPA covers

  • Scope of processing and lawful basis.
  • Our subprocessors (see Security).
  • Technical and organizational measures.
  • Standard Contractual Clauses (SCCs) for EU → US data transfers.
  • Breach notification obligations (72-hour window).
  • Audit rights and subprocessor change notification.
  • Data deletion and return on termination.

Request a signed DPA

Email legal@emailmate.dev with your organization name, signatory, and account email. We countersign within 2 business days.

Request signed DPA