Data Processing Agreement
Last updated: 26 June 2026
This Data Processing Agreement ("DPA") supplements the Terms of Service and applies when Northwise processes personal data on behalf of a customer in its role as data processor under the General Data Protection Regulation (GDPR).
1. Definitions
[LEGAL CONTENT GOES HERE — Controller, Processor, Personal Data, Processing, Sub-Processor as defined in GDPR]
2. Subject matter and duration
[LEGAL CONTENT GOES HERE — Northwise processes customer architecture data (elements, principles, decisions, user records) for the duration of the subscription]
3. Nature and purpose of processing
[LEGAL CONTENT GOES HERE — Hosting, storage, delivery, and feature operation of the Northwise platform for the customer's internal architecture practice]
4. Categories of data subjects
[LEGAL CONTENT GOES HERE — Customer's employees and contractors who have user accounts on the Northwise tenant]
5. Processor obligations
[LEGAL CONTENT GOES HERE — Confidentiality, security measures, sub-processor approval, audit rights, breach notification within 72 hours, data deletion on termination]
6. Sub-processors
[LEGAL CONTENT GOES HERE — List of approved sub-processors with country and processing purpose. Customer consents to use of these sub-processors by accepting the DPA]
7. International transfers
[LEGAL CONTENT GOES HERE — All processing in the EU. SCCs are available as an annex if required for specific customer configurations]
8. Technical and organisational measures
[LEGAL CONTENT GOES HERE — Encryption at rest and in transit, access controls, logging, vulnerability management, employee training]
Need the full DPA document?
The complete DPA including annexes (Technical and Organisational Measures, Sub-processor list, Standard Contractual Clauses if applicable) is available as a PDF on request. Most customers on Team and Business tiers can countersign electronically via DocuSign.
Request full DPA