Skip to main content
P
Pragma App
How It Works Features Pricing FAQ
Sign in Get started →
How It Works Features Pricing FAQ
Sign in Get started →

Home › Data Processing Agreement

Data Processing Agreement

GDPR Article 28 compliant.

Effective date: 10 July 2026

This DPA forms part of the Terms of Service between Pragma ("Processor") and each customer ("Controller"), under Article 28 UK GDPR / EU GDPR.

1. Definitions

"Personal Data", "Data Subject", "Processing", "Controller", and "Processor" have meanings per UK GDPR / EU GDPR.

2. Roles

Controller determines purposes. Processor processes Customer Data only on Controller's documented instructions.

3. Nature of Processing

Processing necessary to provide the Pragma App platform — storing, retrieving, displaying, and transmitting Customer Data as directed.

4. Data Categories and Subjects

Determined by Controller. May include employees, customers, suppliers. Categories may include identifiers, contact data, financial records, employment information.

5. Duration

Subscription term plus 30 days after termination, then permanently deleted unless law requires retention.

6. Processor Obligations

Process only on Controller instructions; bind personnel to confidentiality; implement security measures; assist with data subject rights; assist with breach notification and DPIAs; delete or return data on termination; make compliance information available.

7. Controller Obligations

Warrants lawful basis for all data transferred and has provided required notices and obtained consents.

8. Sub-processors

Controller grants general authorisation. 30 days' notice of changes.

Sub-processorPurposeLocationSafeguards
Stripe, Inc.Payment processingUSASCCs / UK IDTA
Mailgun TechnologiesEmail deliveryUSASCCs / UK IDTA
Plausible AnalyticsCookieless analyticsEU — GermanyIntra-EU
Amazon Web ServicesInfrastructureEU / USASCCs / UK IDTA

9. Security Measures

  • TLS 1.2+ in transit, AES-256 at rest
  • Role-based access controls
  • Regular patching and vulnerability management
  • Admin access audit logging
  • Employee security training
  • Incident response procedures

10–15. Rights, Breaches, DPIAs, Transfers, Audit, Deletion

Processor assists with data subject rights. Breaches notified within 72 hours. DPIAs supported. Transfers protected by SCCs/IDTAs. Audits supported with notice. Data deleted or returned within 30 days of termination.

16. Liability

Subject to Terms of Service limitations. GDPR infringement liability per Article 82 GDPR.

17. Governing Law

England and Wales. Exclusive jurisdiction of the courts of England and Wales.

Pragma · DPO: privacy@usepragma.app

P
Pragma App

The practical AI business platform. Finance, sales, HR, and operations — unified, intelligent, and ready on day one.

Product
  • How It Works
  • All Features
  • Pricing
  • FAQ
Company
  • Contact Us
  • Security
  • Accessibility
Legal
  • Privacy Policy
  • Terms of Service
  • Refund Policy
  • Cancellation Policy
  • Cookie Policy
  • Acceptable Use
  • DPA
  • Cookie Preferences

© 2026 Pragma. All rights reserved.  ·  usepragma.app

Pragma · Registered in England and Wales · hello@usepragma.app

We use cookies

Essential cookies keep our site working. With your consent we may also use analytics cookies. Cookie Policy

EssentialRequired for login, checkout, and security.
Always on
AnalyticsPlausible Analytics — cookieless, no personal data.
MarketingWe do not currently use marketing cookies.