Home β€Ί Compliance & Legal β€Ί DPA & Addendums

Data Processing Agreements & Addendums

Access GeoServer’s standardized Data Processing Agreements, security addendums, and regulatory compliance documents. All templates align with GDPR, CCPA/CPRA, HIPAA (where applicable), and ISO 27001 standards.

As a data processor, GeoServer enters into Data Processing Agreements (DPAs) with all customers who process personal data through our platform. Below you will find our master DPA, jurisdiction-specific addendums, and supplementary security documents. All agreements are subject to your active subscription tier and service configuration.

Available Agreements & Addendums

πŸ“œ
v3.2

Master Data Processing Agreement

Core DPA covering data controller/processor responsibilities, lawful processing bases, data subject rights, and breach notification procedures.

πŸ“… Updated: Mar 14, 2025 🌍 Global
Download PDF ↓
πŸ‡ͺπŸ‡Ί
v2.1

EU Standard Contractual Clauses (SCCs)

Supplementary module for cross-border data transfers outside the EEA/UK, aligned with EU Commission Regulation 2021/914.

πŸ“… Updated: Feb 08, 2025 🌍 EU/EEA/UK
Download PDF ↓
πŸ›‘οΈ
v4.0

Security & Confidentiality Addendum

Details technical and organizational measures (TOMs), encryption standards, access controls, and incident response SLAs.

πŸ“… Updated: Jan 22, 2025 🌍 Global
Download PDF ↓
πŸ₯
v1.5

Business Associate Agreement (BAA)

For US healthcare entities requiring HIPAA-compliant processing safeguards. Only available on Enterprise plans.

πŸ“… Updated: Apr 01, 2025 πŸ‡ΊπŸ‡Έ United States
Request Access πŸ”’
🌐
v2.0

Subprocessor & Data Transfer Addendum

Lists approved sub-processors, transfer mechanisms, and opt-out procedures for third-party data handling.

πŸ“… Updated: Mar 29, 2025 🌍 Global
Download PDF ↓
πŸ“Š
v3.1

Geospatial Data Governance Addendum

Covers spatial data provenance, coordinate reference system compliance, and open-standard format retention policies.

πŸ“… Updated: Mar 05, 2025 🌍 Global
Download PDF ↓

Regulatory Alignment & Certification Status

Framework / Regulation Coverage Document Reference Status
GDPR (EU/EEA) Full Controller-Processor Compliance Master DPA + EU SCCs Active
CCPA / CPRA (California) Data Processing & Deletion Rights Master DPA + Security Addendum Active
HIPAA (USA) ePHI Processing Safeguards Business Associate Agreement Enterprise Only
ISO 27001:2022 Information Security Management Security & Confidentiality Addendum Certified
SOC 2 Type II Security, Availability, Confidentiality Security Addendum + Audit Reports Audited Q1 2025

Request a Custom DPA or Amendment

Need a jurisdiction-specific variation, extended liability terms, or a bespoke data processing workflow? Submit a request below. Our compliance team typically responds within 2 business days.

πŸ”’ All submissions are encrypted and processed under strict confidentiality.
Legal Disclaimer These documents are provided for informational and contractual purposes. They do not constitute legal advice. GeoServer recommends consulting qualified legal counsel before signing, amending, or relying on these agreements for regulatory compliance. Terms are subject to change; always verify the latest version in your customer portal.