Legal
Data Processing Addendum
We execute a DPA with every enterprise customer who processes personal data through Atlas. The current template is under counsel review and available on request.
What we can tell you today
- Atlas acts as a Processor; customer is the Controller. Processing is strictly within documented customer instructions.
- Subprocessor list published and kept current. Customer notified 30 days before any new subprocessor is added, with right to object.
- Subprocessors limited to data-plane vendors (Neon, Cloudflare, Resend, Anthropic, OpenAI as applicable), all in US-only regions, all with an executed BAA or DPA.
- 72-hour breach notification for confirmed personal-data breaches. Incident details, scope, and remediation provided per contract.
- Standard Contractual Clauses (SCCs) appended for customers with EU/UK data subjects, even though Atlas's primary market is US.
Customers with active enterprise contracts have an executed DPA on file. Request a copy of the current template for diligence.
For the current draft or to start a review
contracts@velora.com