Data Processing Agreement (DPA)

Available on request for Enterprise customers.

Our standard DPA covers UK GDPR Article 28 processor obligations, sub-processor approval (Resend, Dodo Payments, Fly.io, Neon), data location, breach notification (72 hours), and the Standard Contractual Clauses where applicable.

For a signed DPA template, email hello@borrowsignal.com with your company details and a copy will be returned within 1 business day.

This is intentionally short because for most customers (Starter and Pro tiers), we are controller-to-controller, not processor — we deliver public-source data we are independently authorised to process under our own legitimate interest. A DPA is only required where you become a processor of personal data we control, which doesn't apply to lead-delivery scenarios.