Data Processing Addendum

Built-in DPA, signed in one click.

Loopin's DPA covers GDPR, UAE PDPL, KSA PDPL, and adds region pinning for Enterprise. Auto-attached at checkout, or grab a standalone copy below.

Version v3.2
Effective May 1, 2026
GDPR
UAE PDPL
KSA PDPL
Sign up + auto-sign DPADownload standalone PDF

What's in the DPA

Everything your DPO will ask for.

Standard contractual clauses

EU Commission SCCs (2021/914) for transfers out of the EEA, plus UK addendum where applicable.

Security exhibit

Our technical and organisational measures (TOMs): encryption, access control, vulnerability management, vendor review.

Sub-processor list

Every vendor we share data with, the purpose, the data category, the location. Updated with 30-day notice.

Audit and breach terms

Your audit rights, our notification commitments (72 hours), incident triage process, evidence we will provide.

Data residency commitments

Region pinning (UAE default, EU, Saudi, Singapore, US optional). No silent cross-region replication.

Plain-English summary

A two-page summary at the top so non-lawyers on your team can skim the contract in 5 minutes.

How signing works

Four steps. No back-and-forth.

1

Sign up or upgrade

Pick Growth or Enterprise during signup, or request the DPA in advance from your account exec.

2

DPA auto-attaches

We e-sign and attach the DPA to your master subscription agreement at checkout.

3

Counter-sign in DocuSign

You receive a DocuSign envelope. Counter-sign from any device. Both parties get a PDF copy.

4

Stored in your workspace

Your signed DPA lives in Settings, Legal, Contracts. Re-download anytime.

FAQ

Questions your legal team asks

Do you sign customer-specific DPAs?

We accept light redlines on the SCCs and the security exhibit. Bigger changes are negotiated on Enterprise contracts only.

Do you provide a SOC 2 / ISO 27001 report?

Yes. Under NDA, we share our SOC 2 Type II and ISO 27001 reports. Email security@loopin.app from your work address.

Do you carry cyber-liability insurance?

Yes, USD 10M aggregate. Our certificate of insurance is shared on request with Enterprise customers.

Can we add our own region restriction?

Yes, Enterprise customers can pin data to one of UAE (default), EU (Frankfurt), KSA (Riyadh), Singapore, or US.

Standalone DPA

Read or share before signup. Latest version, fully executable.

Request DPA PDF

v3.2 · May 1, 2026

Got redlines?

legal@loopin.app

Light redlines accepted within 5 business days on Growth, 2 business days on Enterprise.