Deplo

Data Processing Addendum (DPA) Template

This is our standard DPA template. It is executed per-customer after legal review. Request a signed copy at security@getdeplo.com. The commitments in it are drawn from Deplo’s actual, shipped practices (see the privacy policy and Trust & Security), so the template promises only what the product already keeps. Bracketed fields are filled in per customer.

This DPA forms part of the agreement between [Customer legal name] (“Customer”, the data controller) and Deplo (“Processor”), operated by [legal entity/sole proprietor name], for the services described at getdeplo.com (the “Services”).

1. Scope and roles

Customer is the controller of personal data processed through the Services; Deplo is the processor. Deplo processes personal data only on Customer’s documented instructions, as expressed through Customer’s use of the Services.

2. Data processed

  • Account data: names, email addresses, workspace membership of Customer’s users.
  • Salesforce metadata: API names, labels, descriptions of objects, fields, automation, and permission structures, when Customer connects an org or invokes an AI feature. Deplo does not bulk-export Salesforce records.
  • AI-feature content: the specific metadata or text a user submits with an AI action (e.g. a formula, a flow definition, an error message, which may incidentally quote record values Salesforce embeds in error text).
  • Extension direct-mode tools process no data on Deplo servers and are outside processing scope: they operate entirely within the user’s browser against Customer’s own Salesforce org.

3. Security measures

  • Encryption in transit (TLS) for all traffic.
  • Encryption at rest for stored credentials and tokens (AES-256-GCM with key rotation support) and for stored AI conversation content.
  • AI response caches are encrypted with keys derived from the request itself; cached responses cannot be browsed or bulk-decrypted.
  • Two-factor authentication available for all accounts; passwords stored bcrypt-hashed; API rate limiting on all endpoints.
  • Access to production systems is limited to [named operator(s)].

4. Subprocessors

Customer consents to the following subprocessors. Deplo will give 30 days’ notice before adding a subprocessor that receives Customer data.

SubprocessorPurposeLocation
Anthropic, PBCAI processing (Claude API, commercial terms: no training on inputs/outputs, ~30-day retention)USA
SupabaseDatabase hostingUSA
RenderApplication hostingUSA
VercelWeb hostingUSA
StripeBillingUSA
SentryError reporting (opt-in only, scrubbed)USA

5. Retention and deletion

  • Investigate conversations auto-delete after 90 days of inactivity and can be deleted immediately by the user (hard delete, no grace period).
  • AI response caches expire within 1–7 days.
  • On termination, Deplo deletes Customer personal data within 30 days, except where retention is legally required.
  • Customer may export its data at any time via the self-serve workspace export (Settings → Data & retention).

6. Breach notification

Deplo will notify Customer without undue delay, and in any case within 72 hours, after becoming aware of a personal data breach affecting Customer data, with the information reasonably required for Customer’s own obligations.

7. Assistance and audits

Deplo will reasonably assist Customer with data-subject requests and supervisory-authority inquiries. Once per year, on 30 days’ notice, Customer may request Deplo’s completed security questionnaire and documentation of the measures in §3 in lieu of an on-site audit.

8. International transfers

Where processing involves transfers from the EEA/UK, the parties incorporate the EU Standard Contractual Clauses (module 2, controller→processor) by reference. [Lawyer: confirm module choice and UK addendum.]

Signatures: [Customer] / [Deplo], date.

© 2026 Deplo. All rights reserved.