Deskwoot logoDeskwoot

Sign your DPA in your Deskwoot dashboard

Wrap up your GDPR Article 28 Data Processing Agreement with Deskwoot in under a minute.

Also available in:DeutschPortuguês

Signing your GDPR Data Processing Agreement in Deskwoot takes under a minute from the Settings menu: you fill in your company details, sign electronically, and receive a countersigned PDF immediately, with no email loop and no three-day wait. Deskwoot lets you sign that DPA electronically in under a minute. No DocuSign loop, no waiting for a counter-signature.

How to sign it

  1. Go to Settings, Legal, DPA in the dashboard.
  2. Click Read the sample DPA to skim the full agreement before you commit. The same text becomes your signed PDF, so there are no surprises after the fact.
  3. Fill in your company name, address, country, and the authorized signer's name and role.
  4. Tick the acceptance box and click Accept and get PDF.
  5. You will receive a confirmation email with the fully signed PDF as an attachment, and the same PDF stays available from the dashboard at any time.

What we capture for non-repudiation

Article 28(9) GDPR accepts electronic conclusion of the DPA, but only with a verifiable acceptance trail. Every signature on Deskwoot stores:

  • Signer email, name, role, company, and country
  • Acceptance timestamp and DPA version
  • IP address and the full x-forwarded-for chain
  • User-agent and Sec-CH-UA browser, platform, and mobile flags
  • Cloudflare CF-Ray ID and CF-IPCountry, region, and city for tamper-resistant geo
  • Accept-Language header, DNT preference, and Referer URL
  • SHA-256 hash of the rendered PDF for tamper detection

This is all written twice. Once on the DpaAcceptance row in your account, and once into your audit log under dpa.accept. If anyone ever disputes the signature later, both records would have to be tampered with at the same time to fake a denial.

When we update the DPA

If we materially change the DPA (typically when adding a new sub-processor or changing a transfer mechanism), we bump the version number and prompt you to re-sign in the dashboard. Old acceptances stay in your history. The new one supersedes them.

Sub-processors

Annex B of the DPA lists every sub-processor we use, what data category they handle, and the GDPR transfer mechanism. Where the sub-processor publishes a customer-facing DPA of their own (Cloudflare and Stripe at the time of writing), the link is shown right next to their privacy policy on deskwoot.com/dpa, so you can chase the SCC chain in one click.

Past acceptances

The DPA settings page lists all your historical signatures, including superseded ones. Each entry has its own download link, so your audit trail stays continuous even across DPA-version bumps.

Related articles

Back to Help Center