# Do you have a Data Processing Agreement (DPA)?

Yes. Oh Dear operates from Belgium and processes personal data on behalf of customers, so we act as a data processor under the GDPR. Our DPA covers:

- What personal data we process on your behalf
- How long we retain it
- Our security controls
- How sub-processors are engaged and notified
- Your rights as a data controller

## Where to find the Oh Dear DPA

We publish our DPA as a PDF:

- [GDPR Data Processing Agreement (PDF)](/data-processing-agreement)

For most customers, this pre-signed document is enough for their own GDPR documentation. You can download it, drop it into your records, and reference it in your own DPA chain.

## Signed / countersigned DPAs

If your procurement or legal team needs a countersigned version (Oh Dear signs, you sign, both parties retain a copy), [email us](/contact) from a company email address with your legal entity name, registered address, and the signatory's name. We'll countersign and return a PDF.

## Related compliance resources

- [Privacy Policy](/privacy)
- [Terms of Service](/terms)
- [Why no SOC 2?](/docs/faq/are-you-soc-2-verified)
- [Security policy](/security)

For specific compliance questions that aren't answered by the documents above, [contact support](/contact) and we'll route you to the right person.
