Data Processing Agreement

DPA, Explained Clearly

Updated January 15, 2026

8 min read

Version 3.0

The Quick Version

GDPR-compliant data processing terms

Standard Contractual Clauses (SCCs) included

Clear list of all sub-processors

Your data, your control — always

Request a signed DPA anytime

Need a signed DPA?

Get your countersigned DPA instantly — free for all paid plans.

Request DPA Download Template

Current Sub-processors

We carefully vet and monitor all third parties that process your data.

Provider	Purpose	Location	Data Types
Amazon Web Services (AWS)	Cloud infrastructure and storage	United States (with EU region options)	All customer data and files
Cloudflare	CDN, DDoS protection, DNS	Global (edge locations)	Request metadata, cached content
Stripe	Payment processing	United States	Billing information only
Postmark	Transactional email delivery	United States	Email addresses, notification content
Plausible Analytics	Privacy-focused website analytics	European Union	Anonymous usage statistics only

Last updated: January 15, 2026. We notify customers 30 days before adding new sub-processors.

TL;DR

A legal agreement that defines how we process your data on your behalf.

Key Points

Required by GDPR for data processors
Defines roles: you're the controller, we're the processor
Specifies how we handle your users' data
Legally binding commitment to data protection

Plain English Explanation

A Data Processing Agreement (DPA) is a legal contract between:

•You (the "Data Controller") — You decide what data to collect and why
•Uplint (the "Data Processor") — We process data on your behalf

Why It Matters

When your users upload files through your app (using Uplint), you're the one responsible for their data under GDPR. But since we're handling the actual storage and processing, you need a legal agreement with us that ensures we'll protect that data properly.

What the DPA Covers

•What data we process: Files, metadata, account information
•How we process it: Storage, encryption, virus scanning, delivery
•Security measures: Technical and organizational safeguards
•Sub-processors: Third parties we use (like AWS)
•Your rights: Audit, deletion, portability requests
•Breach notification: How and when we'll notify you

The Bottom Line

The DPA is your assurance that when you trust us with your users' data, we'll handle it with the same care and legal compliance that GDPR requires of you.

TL;DR

If you have EU users or enterprise compliance requirements, you likely need a DPA.

TL;DR

We commit to processing your data only as instructed and with appropriate safeguards.

TL;DR

You can audit us, request data, and instruct us how to handle your data.

TL;DR

We use a small number of carefully vetted third parties to provide our service.

TL;DR

Your data is stored in the US by default, with EU options for Enterprise customers.

TL;DR

Technical and organizational measures that protect your data.

TL;DR

We'll notify you within 48 hours if there's a breach affecting your data.

TL;DR

Request a signed DPA in seconds — it's free and automated.

Questions about our DPA? Contact our legal team at legal@uplint.dev. For enterprise agreements, reach out to enterprise@uplint.dev.

Data Processing Agreement

The Quick Version

Need a signed DPA?

Current Sub-processors

What is a DPA?

Key Points

Plain English Explanation

Why It Matters

What the DPA Covers

The Bottom Line

When You Need One

Our Commitments

Your Rights

Sub-processors

Data Locations

Security Measures

Breach Notification

How to Get Your DPA