Data Processing Addendum

A Data Processing Addendum (DPA) is available to customers on the Team plan who need one for their own compliance obligations — GDPR, UK GDPR, CCPA, or similar.

How to request a DPA

Email steve@vinculum.run with the subject line "DPA request".

Include:

• Your organization name and jurisdiction
• The regulation(s) you need coverage for
• Any specific clauses or templates you need us to match

We will review and respond within 5 business days.

What a standard Vinculum DPA covers

• Subject matter, nature, duration, and purpose of processing
• Categories of personal data processed and categories of data subjects
• Your instructions to us as processor
• Technical and organizational security measures (see Security Policy)
• Sub-processor disclosure and notification commitments (see Subprocessors)
• Data subject rights support obligations
• Return and deletion of personal data upon termination
• Standard Contractual Clauses (SCCs) for EU/EEA → USA data transfers where applicable

Self-hosted instances

If you self-host Vinculum from the open-source repository, you are the data controller and the operator. You do not need a DPA from us — you are processing data under your own infrastructure and terms. The Vinculum DPA only applies to data processed by the hosted service at vinculum.run.

Related policies

Privacy Policy · Subprocessors · Security

Contact

steve@vinculum.run — DPA requests and data privacy questions