Yes, we offer all Enterprise subscription level customers a Data Processing Agreement that you may sign and return to us at support@filemail.com in which you will receive back a counter-signed version.
Our DPA outlines how Filemail processes your personal data on your behalf, clarifies each party’s responsibilities, and ensures we meet strict security and privacy standards like the GDPR.
In a nutshell
Roles & Scope
You’re the Data Controller (you decide how and why data is used); Filemail is the Data Processor (we handle only the data you send us—filenames, metadata, and file contents—strictly under your instructions).
Security & Sub-Processors
We use end-to-end SSL/TLS encryption, strong access controls, regular audits and vulnerability scans. Any third-party sub-processors we engage (for hosting, support, analytics) must adhere to the same safeguards.
Data Subject Rights & Breach Notification
We’ll assist you with access, correction, deletion or portability requests. If a security incident affects your data, we’ll notify you without undue delay and work to resolve it.
Data Transfers, Retention & Deletion
Cross-border transfers rely on approved mechanisms (e.g., Standard Contractual Clauses). You control retention periods, and at your request—or when our service ends—we permanently delete your files and related personal data.
Audit & Compliance
Upon reasonable notice, you or your auditor can review our controls. We continually update our practices to stay aligned with evolving regulations.
The Data Processing Agreement (DPA) template is available for download here.