Legal
Data processing agreement.
A signable DPA covering UK GDPR processor obligations is available on request. Write to hello@sigilbase.io with your organisation's name and we will send it for signature.
A standard, self-serve DPA will be published on this page once finalised. Until then, the essentials it covers do not change: we process customer data only on your documented instructions, subprocessors are listed openly on the security page and changes to that list are notified, personal data is protected by the measures described there, and on termination you export your data and we delete what we hold, subject to the append-only design described in the terms.