Data Processing Addendum (DPA)

If your website collects personal data from people in the UK or EU, data protection law (the UK GDPR and EU GDPR) treats you as the data controller and Wordify as your data processor. Article 28 requires a written agreement between you and any processor you use. That agreement is a Data Processing Addendum, or DPA.

Wordify provides a signed DPA to any customer who needs one, at no charge.

What our DPA covers

Our DPA tracks Article 28(3) of the UK and EU GDPR. It includes:

How to request one

Email [email protected] from your Wordify account email, or open a request from the Support section in your dashboard. To speed things up, include:

  1. The legal name of the entity to be named as the customer (for agency-managed sites, that's usually your client, as the data controller)
  2. The site or sites it should cover
  3. The name and title of the person who'll countersign

We'll prepare the DPA, sign it on behalf of Wordify, and email it to you as a PDF. Once it's countersigned and returned, both sides keep a copy and it takes effect from the date of the last signature. We usually turn requests around within a few business days.

Email [email protected]

Common questions

Do I need a DPA?
If your site processes personal data of people in the UK or EU (subscriber lists, customer accounts, orders, contact forms), Article 28 requires a contract like this between you and Wordify. If you're not sure, your privacy adviser can confirm, and it costs nothing to have one in place.

I'm an agency managing a client's site. Who signs?
Name your client as the customer. Our DPA covers agency arrangements, so you can request and coordinate it on their behalf while your client's authorised signatory countersigns.

Can I see your sub-processor list?
It's included in the DPA and available on written request. It's shared in confidence, and the DPA expressly lets you disclose it to your professional advisers, auditors, and regulators.

Do you hold ISO 27001 or SOC 2?
Wordify doesn't hold its own certification. The infrastructure providers our platform runs on all hold ISO 27001, and the DPA's security annex sets out the measures we maintain ourselves, including encryption, per-account isolation, and continuous monitoring.

Is there a charge?
No. The DPA is free for all customers.