We work in your timezone - UK / Europe / Canada / Gulf London Dublin Toronto Dubai
Home / Legal / DPA template
Template · executed per engagement

Data Processing Agreement

The data terms behind every engagement that touches personal data. Published as a template so you can read what you'll sign before the first call; each engagement executes a tailored version with the schedules completed.

Standard starting text, published for transparency. Each engagement executes a tailored version; where a signed agreement differs from this page, the signed agreement prevails.

1. Parties and roles

The Client (controller) and Meridianstacks (processor). Meridianstacks processes personal data only within the scope of the services agreement it accompanies, and this DPA forms part of that agreement.

2. Scope of processing (Schedule A, completed per engagement)

3. Processor obligations

4. Sub-processors

No sub-processor is engaged without the Client's prior written authorisation. Authorised sub-processors (e.g. the hosting provider named in Schedule B) are bound by terms no less protective than this DPA, and Meridianstacks remains fully liable for their performance.

5. International transfers

Meridianstacks' engineering hubs are in Nigeria, Kenya and South Africa, which do not hold UK/EU adequacy decisions. Transfers are therefore protected by the mechanism matching the Client's regime, incorporated by reference and executed together with this DPA:

6. Liability and term

Liability follows the services agreement's liability clause. This DPA lasts as long as Meridianstacks processes personal data for the Client and survives until deletion/return is complete.

Template v1.0 · July 2026 · Questions or redlines welcome: [email protected]