Data Processing Addendum

Enterprise Ready: Our Data Processing Addendum (DPA) ensures GDPR compliance for organizations processing personal data through Jamdesk.

What is a DPA?

A Data Processing Addendum is a legally binding contract between a data controller (you) and a data processor (Jamdesk) that governs how personal data is handled. It's required under GDPR when you use third-party services to process personal data.

Key Provisions

Our DPA includes:

Standard Contractual Clauses (SCCs): EU-approved clauses for international data transfers
Data Processing Terms: Clear definitions of data categories, processing purposes, and duration
Security Measures: Technical and organizational safeguards we implement
Sub-processor List: Transparency about third-party services we use
Data Subject Rights: How we support your compliance obligations
Breach Notification: Our commitment to timely incident reporting

Who Needs a DPA?

You should sign our DPA if:

Your organization is based in the EU/EEA or UK
You process personal data of EU/EEA or UK residents
Your enterprise compliance policies require it
You're subject to GDPR, UK GDPR, or similar regulations

Request a DPA

To request a signed DPA, please contact us at legal@jamdesk.com with the subject line "DPA Request" and include:

Your company name and address
Contact person for legal/compliance
Your Jamdesk account email

We typically process DPA requests within 5 business days.

Sub-processors

We use the following sub-processors to deliver our services:

Sub-processor	Purpose	Location
Google Cloud Platform	Infrastructure, compute, storage	United States
Firebase (Google)	Authentication, database	United States
Stripe	Payment processing	United States
Cloudflare	CDN, security, R2 storage	Global
Vercel	Website hosting	United States
Resend	Transactional email	United States

We will notify customers of any changes to sub-processors with at least 30 days notice.

Questions?

For questions about our DPA or data processing practices, contact legal@jamdesk.com