Skip to main content

Data Processing Addendum

Last updated: June 26, 2026

This page summarizes Formalingo's current data processing posture for customers evaluating a DPA. It is informational and does not replace a signed agreement.

Roles

For customer content, form responses, signer data, uploaded files, and document evidence, the customer is generally the controller or business, and Formalingo acts as processor or service provider.

For account, billing, security, and product operations data, Formalingo may act as an independent controller where required to operate and secure the service.

Processor commitments

  • Process customer personal data only to provide and support the service or as instructed by the customer.
  • Use confidentiality obligations for personnel with access to customer personal data.
  • Maintain technical and organizational measures designed to protect customer personal data.
  • Assist customers with data subject requests, security reviews, deletion, export, and breach response where the product or support process permits.
  • Delete or return customer personal data at termination or deletion, subject to legal holds, security needs, backups, and legal retention obligations.

International transfers

Where EU, EEA, Swiss, or UK personal data is transferred internationally, customers should use an executed DPA with appropriate transfer terms such as the current EU Standard Contractual Clauses and, where applicable, the UK transfer addendum.

Signed DPA

This page is a product and operational summary, not a signed contract. Customers who need a signed Data Processing Addendum should contact Formalingo before processing regulated or high-volume personal data.

Contact

Questions about this page or a compliance review? Contact us.