Data Processing Addendum (DPA)

Last updated: February 5, 2026

DataBrief acts as a processor when handling client data on behalf of your organization.

Roles

Client: Data Controller.

DataBrief: Data Processor.

Subprocessors

Render (backend infrastructure)
Vercel (frontend infrastructure)
Resend (email delivery)
Stripe (payments and billing)
OpenAI (AI processing for summaries and recommendations)

Residency and transfers

EU processing is the default baseline. If a non-EEA processor is required for a specific capability, it is documented and SCCs are enabled before use.

Security measures

We apply encrypted connector credentials, HttpOnly cookie sessions, CSRF protection, role-based access controls, audit logging, and automated retention controls.

Data subject requests

If we receive a request related to data processed on your behalf, we will notify you so you can respond.

Contact

To sign a specific DPA or request further details, email hello@databrief.io.