DPA

Data Processing Addendum (DPA)

Atlas should sign a DPA whenever Atlas processes personal data for a customer in a processor or service-provider role. That includes the usual Atlas workforce-account and operational-data flows in the product.

Back

Last updated: March 13, 2026

The DPA template below is drafted for Atlas as a processor or service provider, while reserving Atlas controller status for website inquiries, direct commercial contacts, security logging, and certain product analytics or compliance activities that Atlas determines for its own purposes.

The downloadable DPA template also includes customer-instruction, subprocessor, international-transfer, incident-notice, audit, and return-or-deletion clauses. It should be finalized together with the customer order form or MSA.

Key DPA commitments

Process customer personal data only on documented instructions.
Apply confidentiality, access control, logging, encryption in transit, and reasonable security measures.
Assist with rights requests, impact assessments, and incident response where law requires it.
Flow down data-protection obligations to approved subprocessors.
Return or delete personal data on termination under the contract and documented instructions.

Download DPA template