Data Processing Agreement.

Most Summit Signal buyers don't require a separate DPA. The handling commitments already in our Privacy Policy — minimum collection, named subprocessors, no model training on customer data, and documented request handling — cover the substance for a typical engagement.

If your procurement or compliance team requires a signed Data Processing Agreement for vendor review, procurement records, or internal compliance review, we can return one promptly.

Email hello@summitlabsfl.com with the subject "DPA request" and your company name. We typically return a draft within one business day.

If you have a preferred template (your standard vendor DPA), we'll review and redline against it rather than ask you to switch to ours.

• Scope of processing — what data Summit Labs processes on your behalf and for what purpose.
• Subprocessor list (mirrors the published list in our Privacy Policy).
• Security measures — at-rest and in-transit encryption, access controls, audit logging.
• Data retention and deletion request handling.
• Breach notification obligations.
• Your audit rights as the data controller.

For a complete picture of how Summit Signal handles uploaded data — encryption, deletion request handling, model-training exclusions — see the Summit Signal Security & Data Controls page. The DPA formalizes those commitments contractually.

DPA requests, redlines, and signed copies go to hello@summitlabsfl.com. Mail to Summit Labs LLC, Lakeland, FL, US.