What the document does
The DPA defines our roles, the data we touch on your behalf, how we protect it, and the commitments we make about transfers, retention, and your rights. It sits alongside our terms of service and is signed before or at purchase. It turns the promises on this site into binding commitments.
Who needs one
Teams subject to GDPR, UK GDPR, or CCPA usually require a signed DPA before rolling Cuttlefish out. So do organizations whose security or procurement process gates new tools on a data agreement. If that is you, request the signed copy and route it through your reviewers.
How to get it
Email our legal team and tell us your company, your work email, and any review deadline. We send the current signed DPA for your counsel to review and execute. If you have security-specific questions, those can run in parallel through our security and subprocessor routes.