MITPO

MITPO

Legal

Data Processing Addendum

Last updated: April 20, 2026

How to request MITPO’s DPA and the processor relationship it establishes. Email dpa@mitpo.com to start a request — we return a signed-ready copy within a few business days.

Privacy PolicySecuritySub-processors

What a DPA Is

A Data Processing Addendum (DPA) is a legal document that governs how one party processes personal data on behalf of another. Under frameworks like the GDPR, the UK GDPR, and analogous regimes in other jurisdictions, the customer is the "controller" of personal data they bring into a service, and the service provider is the "processor". The DPA describes what the processor is allowed to do, how it must protect the data, and what it owes the controller if something goes wrong.

How to Request

Email dpa@mitpo.com with the following information and we will send our current DPA for counter-signature. We typically turn these around in two to five business days.

  • Your legal entity name and registered address.
  • The primary MITPO account email the DPA is associated with.
  • Your contact for the legal review (name + email).
  • Any jurisdiction-specific addenda you need (for example, Standard Contractual Clauses for EU/EEA processing).

What Our DPA Covers

Our DPA follows standard industry practice for SaaS processors. A full reading is in the document itself, but the shape is consistent across versions.

  • The categories of personal data MITPO processes on your behalf.
  • The processing purposes (delivering the features you use).
  • Security measures MITPO commits to — see the Security page for the technical detail.
  • Sub-processor governance — see the Sub-processors page for the current list.
  • Data subject rights handling and breach notification obligations.
  • Standard Contractual Clauses attached where applicable for cross-border transfers.

Custom Terms and Redlines

We prefer our standard DPA because consistency across customers is how we actually deliver on it. If your legal team requires a custom version, we review redlines on engagements that make sense for both sides — typically Growth plan or above. For very small engagements, accepting our standard DPA is usually the right path for both parties.

Where Your Data Is Processed

MITPO operates primarily from the United States. The database and primary object storage are US-hosted. Edge delivery (static assets, the web tier) is served from the provider's global edge network, which may cache public content near the viewer. AI model providers process content in the region their product exposes — selecting a model in the picker implies that model's region.

For customers that need stricter data residency, open a conversation with support@mitpo.com and we will walk through which features of the product can meet your constraints today.

Contact

DPA requests: dpa@mitpo.com. General privacy questions: support@mitpo.com. Security-specific questions: security@mitpo.com.