Legal
Data Processing Agreement template
GDPR Article 28-compliant. The signed agreement is provided as part of pilot or commercial onboarding.
We provide a standard GDPR Article 28-compliant Data Processing Agreement for all customers. This page describes what's covered. The signed agreement is provided as part of pilot or commercial onboarding.
What our DPA covers
- The roles of controller (you) and processor (Shards)
- Categories of personal data processed and their purpose
- Data subject rights and how we support them
- Sub-processor governance (with our published sub-processor list)
- Security measures (technical and organisational)
- Breach notification obligations and timelines
- International data transfers (EU-only by default)
- Audit rights and how they're exercised
- Termination and data return / deletion
How to get a copy
Email privacy@shardscybersecurity.io with your company name and we'll send the current template within one business day.
If your procurement team has standard DPA terms, we'll review and sign yours if it's within the bounds of standard EU practice. We'll work through any redlines you flag.
Related
- Trust & security — hosting, isolation, AI posture, sub-processors
- Privacy policy — how we process personal data on this site