Data Processing Agreement

Last updated: March 2026

A per-site DPA is required before GPCGuard activates signal recording and embed generation for any registered site. This gate is enforced at the platform level inside the dashboard. The DPA you accept in the dashboard is the default operative agreement for that site's signal processing unless a separately signed agreement supersedes it.

Scope of processing

GPCGuard processes GPC signals on behalf of the site operator (the customer) to generate structured decision records. Processing includes: reading the Sec-GPC HTTP header and navigator.globalPrivacyControl value, validating the request against the guard chain, recording the decision outcome (hashed identifiers, signal type, action, edge PoP, policy version), and returning the policy response.

GPCGuard does not process end-user identity, plaintext PII, or financial data. Processing is limited to what is necessary to generate the decision telemetry described here.

Roles

The site operator remains responsible for the purposes and downstream handling of any end-user data implicated by GPC signals. For this workflow, GPCGuard acts as the customer's processor or service provider, depending on the applicable law and agreement, for the purpose of generating decision records from those signals. GPCGuard does not independently determine the purposes of the customer's downstream data use.

Security measures

GPCGuard implements tenant isolation via Row Level Security (RLS) at the database layer. Business data is accessible only via authenticated user paths: direct table operations use user JWT + RLS, and internal-only evidence surfaces use narrow auth.uid()-scoped database functions. In customer-api, service role is used only for Auth token validation; public runtime, billing webhook, health, and ops functions use server-only service-role clients for narrowly scoped backend operations. Service-role credentials are never exposed to frontend code. Signal records are stored with hashed identifiers.

See the Security Overview and Architecture Commitments for full technical posture.

Sub-processors

GPCGuard uses infrastructure and billing providers to operate the service, including Supabase for database, auth, and edge function hosting. See the current subprocessor table for provider categories and notes. Enterprise customers can negotiate subprocessor terms in a signed agreement.

Enterprise DPA

Enterprise customers requiring a custom MSA and DPA should contact us directly. Custom agreements are available for organizations with specific legal, retention, or compliance requirements.

Request a custom DPA →

Contact

DPA and data processing inquiries: support@gpcguard.app