Legal · DPA
Data Processing Agreement
How Pegalio processes personal data on your behalf.
This summary explains the key terms of Pegalio's Data Processing Agreement (DPA). The DPA forms part of our customer agreement and governs how we process personal data on your instructions as a processor. A signable PDF is available on request.
Key terms
Roles of the parties
For personal data you submit to the service, you act as the data controller and Pegalio acts as the data processor, processing personal data only on your documented instructions.
Scope & purpose
Pegalio processes personal data solely to provide and support the onboarding platform — hosting, workflow, communications, and the features you enable — and not for any independent purpose.
Sub-processing
You authorize Pegalio to engage the sub-processors listed at /subprocessors. We impose data-protection obligations on each sub-processor and notify you of changes so you can object.
International transfers
Where personal data is transferred across borders, transfers are governed by appropriate safeguards, including the EU Standard Contractual Clauses (SCCs) and the UK Addendum where applicable. EU data residency is available.
Security measures
Pegalio maintains technical and organizational measures appropriate to the risk, including encryption in transit and at rest, role-based access control, MFA, logging, and regular testing — described in our Trust Center.
Data-subject rights
Pegalio provides reasonable assistance to help you respond to data-subject requests (access, rectification, erasure, portability, and objection) through platform tooling and support.
Personal-data breaches
Pegalio notifies you without undue delay after becoming aware of a personal-data breach affecting your data, with the information you need to meet your own notification obligations.
Retention & deletion
Pegalio processes personal data for the term of the agreement and deletes or returns it on termination, subject to limited legal retention requirements, after which it is securely deleted.
Audits & assurance
Pegalio makes available the information needed to demonstrate compliance, including third-party audit reports (such as SOC 2) under NDA, and supports audits subject to reasonable conditions.
Request a signable DPA
Email [email protected] to receive an executable DPA. We typically return a countersigned copy within two business days.