Data Processing Agreement (DPA)
Last updated: May 31, 2026
For enterprise customers requiring a Data Processing Agreement, contact support@onestore.so. We provide a DPA based on the European Commission Standard Contractual Clauses (controller → processor module).
DPA contents
- Description of processing and data categories (account, workspace, store metadata, encrypted credentials).
- Technical and organizational measures (encryption, access control, audit log).
- List of sub-processors (see below).
- Breach notification within 72 hours.
- Assistance with data subject requests and impact assessments.
Sub-processors
| Provider | Purpose | Location |
|---|---|---|
| Vercel | Application hosting | US / EU |
| Neon | PostgreSQL database | EU / US |
| Cloudflare R2 | File and binary storage | Global |
| Stripe | Payments and subscriptions | US / EU |
| Resend | Transactional email | US |
| Upstash | Queues and scheduled jobs | US / EU |
| PostHog | Product analytics (with consent) | US / EU |
| Sentry | Error monitoring | US / EU |
| Anthropic | AI text generation | US |
We notify enterprise customers of any new sub-processor with 30 days' notice. Full PDF document sent on request.