Klarbe ← Back to site

Data Processing Agreement (DPA)

Last updated: 2026-06-13

Initial draft. This document is a base template and will be reviewed by legal counsel before commercial launch.

1. Purpose and roles

This agreement governs the processing of personal data that Klarbe performs on behalf of the customer. The customer is the data controller and Klarbe acts as the processor.

2. Scope of processing

We process data only following the customer's instructions and to provide the contracted service, for the duration of the subscription.

3. Processor obligations

We ensure the confidentiality of authorized personnel, assist the customer in handling data subject rights, and do not use the data for our own purposes.

4. Subprocessors

We may use subprocessors (infrastructure, payment, communications) under obligations equivalent to those of this agreement, and we will report material changes.

5. Data security

We maintain appropriate technical and organizational measures, including logical per-organization isolation (multi-tenant with row-level access control).

6. International transfers

When data is processed outside your country, we will apply appropriate safeguards in accordance with applicable law.

7. Incident notification

We will notify the customer without undue delay of a security breach affecting their personal data, with the information available.

8. Return or deletion

Upon termination of the service, we will return or delete the customer's personal data, unless legally required to retain it.

9. Audit

We will make available to the customer reasonable information to demonstrate compliance with this agreement. To sign a DPA, write to us at legal@klarbe.com.