{"@context":"https://schema.org","@type":"DigitalDocument","@id":"https://signals.gitdealflow.com/.well-known/dpa.json","name":"Data Processing Agreement (DPA) — VC Deal Flow Signal","description":"Pointer to the GDPR Article 28 Data Processing Agreement that governs subscriber-PII processing by VC Deal Flow Signal acting as Controller and any subprocessor acting as Processor. The DPA is the legal companion to the compliance posture published at /.well-known/compliance.json.","license":"https://creativecommons.org/licenses/by/4.0/","publisher":{"@type":"Organization","@id":"https://gitdealflow.com/#organization"},"dateModified":"2026-05-08","contractVersion":"2026-05-08.f38","controller":{"legalName":"VC Deal Flow Signal (GitDealFlow)","contact":"signal@gitdealflow.com","rolesScope":["Controller for subscriber email, Stripe customer ID, share tokens, scout-session metadata","Processor (none) — we engage no upstream controllers"]},"template":{"url":"https://signals.gitdealflow.com/dpa","format":"text/html","signedFormat":"On request — emailing signal@gitdealflow.com with company legal name returns a counter-signed PDF within 5 business days","countersignContact":"signal@gitdealflow.com","appliesTo":["Insider Tier (€97/mo)","Sharp Tier (€497/mo)","Sector Sweep (€1,997 one-time)","Agent Credits (€19 / 100 calls)","Custom enterprise scopes"]},"sccs":{"applicable":true,"version":"EU 2021/914 Module Two (Controller-to-Processor)","url":"https://commission.europa.eu/system/files/2021-06/1_en_annexe_acte_autonome_cp_part1_v5_0.pdf","notes":"Modules invoked when subprocessors process subscriber PII outside the EEA. See /.well-known/subprocessors.json for residency per processor."},"processing":{"subjectMatter":"Hosting, billing, transactional email, and analytics for paid subscribers of VC Deal Flow Signal.","duration":"Lifetime of the subscription + 12 months retention","nature":"Subscriber identification, billing, transactional email delivery, and pseudonymous product analytics","purpose":"Service operation; compliance with tax law (Stripe records); auditability for paid-tier disputes","dataCategories":["email","stripe_customer_id","share_tokens"],"dataSubjectCategories":["paid subscribers","free subscribers (email-only)"]},"transfers":{"primaryRegion":"EU (Vercel fra1, Hetzner Helsinki, PostHog Frankfurt)","failoverRegion":"US (Vercel iad1, Stripe US, Resend US, Coinbase US)","safeguards":["Standard Contractual Clauses (Module Two) for non-EEA processors","Data Processing Agreements with all PII-processing subprocessors","Field-level encryption at rest (Stripe, Resend, PocketBase)"]},"relatedSurfaces":["https://signals.gitdealflow.com/dpa","https://signals.gitdealflow.com/.well-known/subprocessors.json","https://signals.gitdealflow.com/.well-known/compliance.json","https://signals.gitdealflow.com/.well-known/transparency.json","https://signals.gitdealflow.com/.well-known/security-policy.json"]}