Data Processing Agreement (DPA)

Roles

Controller: User. Processor: ContractBot.dk.

Processing Scope

We process data only for contract generation, contract analysis, reporting, billing support, and service functionality under user instruction.

Processor Commitments

• GDPR-oriented processing and operational safeguards.
• Secure processing and access controls.
• No unauthorized sharing of user-submitted contract data.
• Support for data subject rights upon request.

Subprocessors

Active providers used for core service operation:

• Stripe for payment processing.
• Cloudflare for hosting, security, routing, and infrastructure.

Signature Providers

Where ContractBot enables signing through third-party providers such as Scrive, DocuSign, Penneo, Visma Addo, MitID-enabled workflows or other configured providers, such providers may process signing metadata, identity verification data, certificate information, transaction IDs and audit evidence. Depending on the selected workflow and legal role, such providers may act as subprocessors, independent controllers or independent trust-service providers under their own terms.

Planned / optional providers after demo activation may include Scrive, MitID-enabled workflows, DocuSign, Penneo, Visma Addo or other configured signing providers. A provider should not be treated as active for a specific customer workflow unless it is enabled and disclosed for that workflow.

Retention

Data is retained only as long as necessary for service operation, legal compliance, security, billing, or agreed user-requested storage.

Contact

legal@contractbot.dk