Data & Compliance

Common Paper Data Processing Agreement

A data processing agreement cover page and standard terms, based on Common Paper's standard form. Covers GDPR and data protection compliance, including processor/controller roles, data transfers, subprocessors, and security measures.

100 fields CC-BY-4.0 Common Paper

Try this template in an AI workflow

Claude Code or another coding agent

Start with the setup guide for Claude Code, Gemini CLI, and local package execution. The install page will keep the handoff tied to this template.

Learn how to fill this template

CLI

npx open-agreements fill common-paper-data-processing-agreement -d values.json -o output.docx

Fields (100)

Parties

Field	Type	Description
Company Name `company_name`	string	Official company name

Service

Field	Type	Description
Product Name `product_name`	string	Name of product or service

Terms

Field	Type	Description
Underlying Agreement `underlying_agreement`	string	Name and date of the underlying agreement

Parties

Field	Type	Description
Customer Contact Name `customer_contact_name`	string	Customer contact name
Customer Contact Title `customer_contact_title`	string	Customer contact title
Customer Address `customer_address`	string	Customer's physical address
Provider Contact Name `provider_contact_name`	string	Provider contact name
Provider Contact Title `provider_contact_title`	string	Provider contact title
Provider Address `provider_address`	string	Provider's physical address
Physical Address `physical_address`	string	Physical address for notifications
Contact Address `contact_address`	string	Email and/or physical address

Terms

Field	Type	Description
Provider Role `provider_role`	string	Provider's role (Controller or Processor)

Legal

Field	Type	Description
Governing Law `governing_law`	string	Governing law state/province/country
Eu Member State `eu_member_state`	string	EU Member State for disputes
Uk Governing Law `uk_governing_law`	string	UK governing law selection

Privacy

Field	Type	Description
Subprocessor Name `subprocessor_name`	string	Subprocessor name

Terms

Field	Type	Description
Custom Option `custom_option`	string	Custom option for selections
Custom Options `custom_options`	string	Multiple custom options
URL `url`	string	URL for references

Privacy

Field	Type	Description
Countries List `countries_list`	string	List of all countries for data transfers

Terms

Field	Type	Description
CSA Reference `csa_reference`	string	Common Paper CSA reference
Non CSA Reference `non_csa_reference`	string	Non-CSA agreement reference

Privacy

Field	Type	Description
Security Measures `security_measures`	string	Description of security measures

Terms

Field	Type	Description
Text Box `text_box`	string	General text box entry

Security

Field	Type	Description
Other Security Certification `other_security_certification`	string	Name of additional security certification (e.g. "ISO 27701 Privacy Information Management")

Legal

Field	Type	Description
DPA Covered Claims Detail `dpa_covered_claims_detail`	string	Specific scope of DPA Covered Claims (e.g., breach of DPA, gross negligence resulting in Security Incident)

Liability

Field	Type	Description
Cap Multiplier `cap_multiplier`	string	Liability cap multiplier
Greater Of Dollar `greater_of_dollar`	string	Dollar amount for the greater-of liability cap

Privacy

Field	Type	Description
Policy URL `policy_url`	string	URL of where to find policies
Has Subprocessor `has_subprocessor`	boolean	Set to true when a pre-approved subprocessor is specified.

Security

Field	Type	Description
DPA Security Reasonable Efforts `dpa_security_reasonable_efforts`	boolean	Set to true when Provider will use commercially reasonable efforts to secure the Service from unauthorized access.
Has DPA Security Policy `has_dpa_security_policy`	boolean	Set to true when Provider has a Security Policy available at the specified policy_url.
Has DPA Security Certifications `has_dpa_security_certifications`	boolean	Set to true when Provider maintains annually updated security reports or certifications.
Cert Iso 27001 `cert_iso_27001`	boolean	Set to true when Provider holds ISO 27001 certification.
Cert Penetration Testing `cert_penetration_testing`	boolean	Set to true when Provider performs regular penetration testing.
Cert Soc2 Type1 `cert_soc2_type1`	boolean	Set to true when Provider holds SOC 2 Type I certification.
Cert Pci Level1 `cert_pci_level1`	boolean	Set to true when Provider holds PCI Level 1 certification.
Cert Soc2 Type2 `cert_soc2_type2`	boolean	Set to true when Provider holds SOC 2 Type II certification.
Cert Pci Level2 `cert_pci_level2`	boolean	Set to true when Provider holds PCI Level 2 certification.
Cert Hipaa `cert_hipaa`	boolean	Set to true when Provider holds HIPAA certification.
Cert Fedramp `cert_fedramp`	boolean	Set to true when Provider holds FedRAMP Authorization.
Cert Other `cert_other`	boolean	Set to true to include an additional security certification. Specify the certification in other_security_certification.

Liability

Field	Type	Description
Indemnification CSA Reference `indemnification_csa_reference`	boolean	Set to true when using Common Paper CSA-style indemnification reference for DPA Covered Claims.
Indemnification Non CSA Reference `indemnification_non_csa_reference`	boolean	Set to true when using non-CSA indemnification language for DPA Covered Claims.
Cap CSA Reference `cap_csa_reference`	boolean	Set to true when using CSA-style Increased Claim cap for DPA Covered Claims.
Cap Non CSA Reference `cap_non_csa_reference`	boolean	Set to true when using non-CSA liability cap language for DPA Covered Claims.

Legal

Field	Type	Description
Has DPA Governing Law `has_dpa_governing_law`	boolean	Set to true when DPA-specific governing law overrides the Agreement's governing law clause.
Has Ccpa Terms `has_ccpa_terms`	boolean	Set to true when California Consumer Privacy Act (CCPA) terms are included in the DPA.

Privacy

Field	Type	Description
Has Eea Transfers `has_eea_transfers`	boolean	Set to true when EEA data transfer mechanisms are specified.
Has Uk Transfers `has_uk_transfers`	boolean	Set to true when UK data transfer mechanisms are specified.
Data Subject End Users `data_subject_end_users`	boolean	Set to true when end users or customers are included as data subjects.
Data Subject Employees `data_subject_employees`	boolean	Set to true when employees are included as data subjects.
Data Subject Custom `data_subject_custom`	boolean	Set to true to include a custom data subject category. Specify in custom_option.
Pd Name `pd_name`	boolean	Set to true when Name is a category of personal data processed.
Pd Contact `pd_contact`	boolean	Set to true when contact information (email, phone, address) is a category of personal data processed.
Pd Employment `pd_employment`	boolean	Set to true when employment information (employee ID, compensation) is a category of personal data processed.
Pd Financial `pd_financial`	boolean	Set to true when financial information (bank account numbers) is a category of personal data processed.
Pd Professional `pd_professional`	boolean	Set to true when professional or biographic information (resume, CV) is a category of personal data processed.
Pd Transactional `pd_transactional`	boolean	Set to true when transactional information (account info, purchases) is a category of personal data processed.
Pd User Activity `pd_user_activity`	boolean	Set to true when user activity and analysis (device info, IP address) is a category of personal data processed.
Pd Location `pd_location`	boolean	Set to true when location information is a category of personal data processed.
Pd Custom `pd_custom`	boolean	Set to true to include a custom personal data category. Specify in custom_option.

Security

Field	Type	Description
Security Measures See Policy `security_measures_see_policy`	boolean	Set to true when security measures reference the Security Policy.
Security Measures Custom `security_measures_custom`	boolean	Set to true to include custom security measures. Specify in custom_option.

Privacy

Field	Type	Description
Processing Continuous `processing_continuous`	boolean	Set to true when data processing is continuous.
Processing Frequency Custom `processing_frequency_custom`	boolean	Set to true to specify a custom processing frequency. Specify in custom_options.
Pa Receiving `pa_receiving`	boolean	Set to true when receiving data (collection, accessing, retrieval) is a processing activity.
Pa Holding `pa_holding`	boolean	Set to true when holding data (storage, organization, structuring) is a processing activity.
Pa Using `pa_using`	boolean	Set to true when using data (analysis, consultation, testing) is a processing activity.
Pa Updating `pa_updating`	boolean	Set to true when updating data (correcting, adaptation, alteration) is a processing activity.
Pa Protecting `pa_protecting`	boolean	Set to true when protecting data (restricting, encrypting, testing) is a processing activity.
Pa Sharing `pa_sharing`	boolean	Set to true when sharing data (disclosure, dissemination) is a processing activity.
Pa Returning `pa_returning`	boolean	Set to true when returning data to the data exporter or data subject is a processing activity.
Pa Erasing `pa_erasing`	boolean	Set to true when erasing data (destruction, deletion) is a processing activity.
Pa Custom `pa_custom`	boolean	Set to true to include a custom processing activity. Specify in custom_options.

Security

Field	Type	Description
Sm Pseudonymization `sm_pseudonymization`	boolean	Set to true when pseudonymization and encryption of personal data is a security measure.
Sm Confidentiality `sm_confidentiality`	boolean	Set to true when ensuring ongoing confidentiality, integrity, availability, and resilience is a security measure.
Sm Restore `sm_restore`	boolean	Set to true when ability to restore availability and access after incidents is a security measure.
Sm Testing `sm_testing`	boolean	Set to true when regular testing and evaluation of security measures is a security measure.
Sm User Auth `sm_user_auth`	boolean	Set to true when user identification and authorization process protection is a security measure.
Sm Transit `sm_transit`	boolean	Set to true when protecting personal data during transmission (in transit) is a security measure.
Sm Storage `sm_storage`	boolean	Set to true when protecting personal data during storage (at rest) is a security measure.
Sm Physical `sm_physical`	boolean	Set to true when physical security of processing locations is a security measure.
Sm Logging `sm_logging`	boolean	Set to true when events logging is a security measure.
Sm Config `sm_config`	boolean	Set to true when systems configuration and default configuration is a security measure.
Sm Governance `sm_governance`	boolean	Set to true when internal IT and IT security governance and management is a security measure.
Sm Certification `sm_certification`	boolean	Set to true when certification or assurance of processes and products is a security measure.
Sm Minimization `sm_minimization`	boolean	Set to true when data minimization is a security measure.
Sm Quality `sm_quality`	boolean	Set to true when ensuring data quality is a security measure.
Sm Retention `sm_retention`	boolean	Set to true when ensuring limited data retention is a security measure.
Sm Accountability `sm_accountability`	boolean	Set to true when ensuring accountability is a security measure.
Sm Portability `sm_portability`	boolean	Set to true when allowing data portability and ensuring erasure is a security measure.

Signature Block

Field	Type	Description
Provider Signatory Type `provider_signatory_type`	enum	Whether the Provider signatory is an entity or individual
Provider Signatory Name `provider_signatory_name`	string	Full legal name of the Provider's signatory
Provider Signatory Title `provider_signatory_title`	string	Title/role of the Provider's signatory (entity only)
Provider Signatory Company `provider_signatory_company`	string	Company name for the Provider signatory (entity only)
Customer Signatory Type `customer_signatory_type`	enum	Whether the Customer signatory is an entity or individual
Customer Signatory Name `customer_signatory_name`	string	Full legal name of the Customer's signatory
Customer Signatory Title `customer_signatory_title`	string	Title/role of the Customer's signatory (entity only)
Customer Signatory Company `customer_signatory_company`	string	Company name for the Customer signatory (entity only)

Source

Maintained by Common Paper

View on Common Paper

Download Template

Editable Word file with fillable fields

Download Word file

CC-BY-4.0

Use this template with Claude Code or another coding agent

Start with setup instructions, then run this template in your own workflow.

Learn how to fill this template Need a managed workflow instead?

Workflow support only. Not legal advice.

Fields 100

Source Common Paper

This template is a drafter's starting point. It does not constitute legal advice. Have qualified counsel review before execution.

Browse all templates

45 free contract templates for NDAs, employment agreements, SAFEs, financing documents, and more.

View all templates →

By Category

AI Agent Extensions

Enterprise

Company

Learning

Support

Common Paper Data Processing Agreement

Try this template in an AI workflow

Claude Code or another coding agent

CLI

Fields (100)

Parties

Service

Terms

Parties

Terms

Legal

Privacy

Terms

Privacy

Terms

Privacy

Terms

Security

Legal

Liability

Privacy

Security

Liability

Legal

Privacy

Security

Privacy

Security

Signature Block

Browse all templates