Enterprise & DPA
Data Processing Agreement availability, compliance roadmap, and what's included in the Enterprise security package.
Data Processing Agreement
A standard DPA (GDPR Article 28 compliant) is available for all Enterprise customers on the $499/month plan. It covers:
- Subject matter and duration of processing
- Nature and purpose of the processing
- Type of personal data and categories of data subjects
- Obligations and rights of the controller
- Sub-processor list with DPA references
Compliance roadmap
- Encryption in transit (TLS 1.2+)
- Encryption at rest (AES-256)
- Org-level row isolation
- API key scoping per org
- DPA available on request
- GDPR — data minimisation
- CCPA — deletion on request
- SSO / SAML (Clerk Enterprise)
- SOC 2 Type II
Enterprise security package
Enterprise customers ($499/month) receive the following on request:
- Signed DPA: GDPR Article 28 compliant. Returned within 5 business days.
- Sub-processor list: Complete list with individual DPA references for each vendor.
- Security questionnaires: Pre-completed VSA and SIG Lite questionnaires for your procurement team.
- Custom data retention: Configure scorecard retention periods beyond the default account lifetime.
- Dedicated Slack channel: Direct line to the QualityOS team for incident communication and support.
- Auditor engagement letter: If your procurement requires SOC 2 before Q4 2026, we provide a letter of engagement from our auditor.
Ready to start an enterprise security review?
We aim to acknowledge all requests within 48 hours.