SimpleAct Logo

Data Processing Agreement (DPA)

Contractual framework for processing personal data on behalf of customers.

1. Scope

SimpleAct processes personal data only on documented customer instructions to provide the contracted SaaS service.

2. Data categories and purposes

  • User and organization data for account management and access control.
  • Compliance content entered by customer users in the platform.
  • Technical log data for security, stability and troubleshooting.

3. Technical and organisational measures (TOMs)

  • Encryption in transit (TLS) and role-based access controls.
  • System and audit logging for security-relevant events.
  • Regular backups with documented restore procedures.
  • Patch and vulnerability management process.

4. Sub-processors

Current sub-processors are listed in the privacy policy. Changes are communicated according to contractual obligations.

5. Data subject requests and incidents

SimpleAct supports customers with data subject requests and informs customers without undue delay in case of incidents involving personal data.

Contact: info@simpleact.de

Version: March 2026

Download SLA + DPA bundleBack to homepage
Arturs Nikitins
SimpleAct – EU AI Act Compliance