We understand that trusting a third-party with your secrets requires contractual certainty. Our DPA provides the guarantees you need to comply with GDPR, CCPA, and enterprise compliance standards.
To assist our customers with their compliance obligations, we offer a robust Data Processing Addendum (DPA). This document governs the processing of personal data and is automatically incorporated by reference into our Terms of Service.
For customers on our Free (Developer) and Team plans, the DPA is effective immediately upon accepting the Terms. You do not need to sign a separate document.
It is critical to distinguish between the types of data Ennote processes under this DPA:
Our DPA incorporates the latest Standard Contractual Clauses (SCCs) to ensure compliant data transfers from the EEA, UK, Switzerland, and Canada to other jurisdictions.
We commit to specific Technical and Organizational Measures (TOMs), including Zero Persistence architecture, Post-Quantum encryption, and strict access controls aligned with SOC 2.
Clear protocols for notifying you about changes to our subprocessor list (e.g., AWS, Stripe), giving you the right to object as required by GDPR.
For Enterprise customers requiring a counter-signed copy of the DPA for regulatory audits or vendor risk assessments, please contact our legal team.
*We generally do not accept redlines to our standard DPA for non-Enterprise plans.