Last updated: January 2026

If DigiParser will process personal data on your behalf, you may need a Data Processing Agreement (DPA) to comply with data protection regulations such as GDPR. This page explains how to obtain and sign a DPA with DigiParser.

A Data Processing Agreement (DPA) is a legal contract that defines the relationship between a data controller (you) and a data processor (DigiParser). It outlines how personal data will be processed, what security measures are in place, and the rights and obligations of both parties.

Under the EU General Data Protection Regulation (GDPR):

• Customer acts as the Data Controller
• DigiParser acts as the Data Processor

DigiParser processes customer data solely on documented instructions from the customer and only for the purpose of providing the agreed services.

When you use DigiParser to process documents containing personal data, DigiParser acts as a data processor, processing data according to your instructions as the data controller.

• We process personal data only in accordance with your instructions and this agreement
• We implement appropriate technical and organizational measures to protect personal data
• We assist you in meeting your obligations under applicable data protection laws
• We work with sub-processors that meet our security and data protection standards
• We follow applicable data protection laws for breach notification
• We assist you in responding to data subject requests (access, deletion, etc.)

DigiParser may process the following data types as part of document processing workflows:

• Document files (including but not limited to PDF, Excel, DOCX, CSV, images, and email attachments)
• Extracted structured data derived from submitted documents
• Account information (name, email, company information)
• Parser configurations including field definitions, extraction rules, and processing settings
• Team member information including names, email addresses, roles, and permissions

DigiParser is not designed to specifically collect or target special category (sensitive) personal data. Documents are processed as provided by the customer, who remains responsible for the content of submitted data.

• Customer data is hosted and processed in the European Union (EU) region by default for enterprise customers.
• For standard customers, data may be hosted in the United States, with options for EU data residency available upon request.
• Data is not transferred outside the selected region unless explicitly configured or required for service delivery.
• DigiParser does not sell or share customer data with third parties for marketing or independent purposes.

We implement appropriate technical and organizational measures to protect personal data, including:

• Encryption of data in transit and at rest
• Secure, signed URLs for document access
• Logical tenant isolation between customers
• Role-based access controls
• Access controls and authentication requirements
• Regular security assessments and updates
• Secure infrastructure and monitoring
• Staff training on data protection

For detailed information about our security measures, see our Security Policy.

• DigiParser personnel do not have access to customer documents by default
• Support access requires explicit customer consent
• Access is granted per document or per request, not globally
• All access is logged and limited to troubleshooting purposes only

• Data retention is configurable (e.g., 1 day, 1 week, 1 month, or longer based on your account settings)
• Customers may request deletion of data at any time
• Upon termination of a paid subscription, all customer data is deleted in accordance with agreed retention policies
• We retain personal data only for as long as necessary to provide our services or as required by law
• Some data may be retained longer if required by law or for legitimate business purposes

For more details, see our Privacy Policy.

We may use sub-processors (third-party service providers) to provide our services. We ensure that all sub-processors:

• Meet our security and data protection standards
• Are bound by appropriate data protection obligations
• Are listed in our Third Party Subprocessors page

We will notify you of any changes to our sub-processors. If you object to a new sub-processor, you may terminate your agreement with us.

DigiParser maintains procedures to detect, respond to, and mitigate security incidents.

In the event of a personal data breach impacting customer data, DigiParser will follow applicable data protection laws and GDPR requirements for breach notification, including providing relevant details about the nature of the breach and measures taken to address it.

We assist you in responding to requests from data subjects (individuals whose personal data is being processed) to exercise their rights under applicable data protection laws, including:

• Right to Access: Request access to the personal data we hold
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of personal data
• Right to Data Portability: Export data in a machine-readable format
• Right to Object: Object to certain types of data processing

Requests are handled in accordance with GDPR timelines (typically within 30 days).

To request a Data Processing Agreement with DigiParser:

1. Email us at [email protected] with the following information:

   • Your company name
   • Company address
   • Name and position of the person who will sign the DPA on behalf of your company
   • Any specific requirements or customizations you need

2. We will provide a DPA document for review and signature

3. Sign and return the DPA to us

4. We will countersign and return a fully executed copy to you

• DigiParser is committed to GDPR compliance and data protection best practices
• Upon request, DigiParser can enter into a Data Processing Agreement (DPA) with customers
• We regularly review our codebase and infrastructure for security vulnerabilities
• We maintain audit trails and logs for all data processing activities

Enterprise customers with specific requirements or who need customized DPAs can contact us directly at [email protected]. We can work with you to address specific compliance needs or contractual requirements.

If you have questions about our data processing practices or need assistance with a DPA, please contact us at [email protected].

For more information about GDPR compliance, see our GDPR at DigiParser page.