Draft pending legal review — last updated 2026-05-16. This document is a working draft published for transparency and has not yet been reviewed by qualified counsel.

DPA

Data Processing Agreement

Effective date: 2026-05-16

If you are a business customer in the EU, UK, or another GDPR-aligned jurisdiction, you can execute a Data Processing Agreement (DPA) with Your Office AI to govern our role as your processor under Article 28.

1. What the DPA covers

Subject matter and duration of the processing.
Nature and purpose of the processing (operation of the Your Office AI service).
Categories of data subjects and personal data — see the Privacy Policy §2.
Confidentiality, security measures, and audit rights.
Use of sub-processors — see the sub-processor list.
Standard Contractual Clauses (EU Commission Decision 2021/914, modules 2 and 3) for any transfer outside the EEA.
Assistance with data-subject requests and breach notification.

2. How to execute

Email dpo@yoffice.ai from a business address with:

your legal entity name and registered address;
the workspace URL or account email;
the name and title of the signatory.

We will return a counter-signed PDF within five business days. For most customers the standard template is sufficient; for enterprise customers we can negotiate amendments.

3. Sub-processors

Our sub-processors are listed at /legal/subprocessors. We will notify you in advance before adding or replacing a sub-processor that processes personal data.

4. Security measures

A summary of technical and organisational measures (TOMs) is at /legal/security. The DPA references these as Annex II and incorporates them by reference.

5. Cost

The standard DPA is provided at no cost on any paid plan. Custom riders and enterprise terms are available on request.