Data Processing Addendum

A signed DPA, on request, for any EU customer.

Luota processes customer data as a processor under GDPR Article 28 when you use the service to monitor your async work. A signed DPA is available to any customer that needs one; there is no minimum plan tier.

Email the founder Subprocessors Privacy

What you get

A signed DPA covering Article 28 obligations.

Subject matter, duration, nature and purpose of processing, types of personal data, categories of data subjects, and controller/processor obligations. Standard terms cover the common case; custom riders are handled when procurement requires them.

How to request

Email the founder. Reply within a few business days.

Send your legal entity name, billing address, and the workspace email you use with Luota. Luota countersigns and returns the signed PDF, typically within two business days.

Subprocessors

The DPA references the public subprocessor list.

The canonical processor list lives on /subprocessors so customers and procurement teams can link to one stable disclosure page.

Open subprocessor list

Security

Security posture is published separately.

Operational safeguards, backup posture, encryption boundaries, and abuse controls are summarized on the public security page.

Open security posture

Subprocessor changes are notified by email to anyone on the change-notice list.

Join the change-notice list