Data Processing Agreement
Clear responsibilities for customer data
Scriboflow acts as a data processor on behalf of its customers. For customers who require a Data Processing Agreement, we can provide a DPA that outlines how customer data is handled and protected.
DPA basics
What is a DPA?
DPA overview
A Data Processing Agreement is a contract between Scriboflow and its customers that describes how personal data is processed, protected, and managed in accordance with applicable privacy laws, including GDPR.
DPA requests
When Do You Need a DPA?
A DPA is commonly requested when an organization needs formal documentation for how personal data is processed by a service provider.
GDPR Requirements
Your organization is subject to GDPR or similar privacy requirements.
Personal Data in Contracts
Your contracts may contain names, emails, addresses, signatures, or other personal information.
Procurement or Compliance Review
Your legal, procurement, or compliance team requires a DPA before approving a new platform.
Data handling
How Scriboflow Handles Data
European Data Hosting
Customer data is stored and processed in Europe, with primary infrastructure located in Frankfurt, Germany.
Secure Infrastructure
Scriboflow uses trusted infrastructure providers including Supabase, Google Cloud, and Vercel.
Access Controls
Account security includes multi-factor authentication, email verification, and automatic session expiration after inactivity.
Audit Trails
Important contract and signing activities are recorded through activity logs and contract audit timelines.
Subprocessors
Subprocessors
Provider transparency
Scriboflow works with a limited number of service providers to help deliver hosting, storage, electronic signatures, analytics, payments, and email communications.
View SubprocessorsDPA request
Need a DPA?
Customers who require a Data Processing Agreement can contact our team and request a copy for review.
Request a DPARelated resources
Related Resources
Review related Trust Center and legal resources.