The Data Processing Agreement (DPA): what it is and how to sign it
A Data Processing Agreement (DPA) is a legal contract between you and SimplyPrint that sets out how we handle the personal data your account processes on your behalf. This guide explains what it covers, when it's useful, and how to fill it in and sign it in just a few minutes if you want one.
What is a DPA?
A DPA is a written record of how a data processor (SimplyPrint) handles personal data on behalf of a data controller (you). Some organisations prefer to have one on file for their compliance paperwork, particularly under frameworks like the GDPR, UK GDPR, or US state privacy laws like the CCPA.
Our standard DPA describes:
- What kind of data we process, why, and where
- The technical and organisational security measures we maintain
- How we handle sub-processors, breach notifications, and data-subject requests
- What happens to your data on termination
Do I need one?
For most customers, no - our public Terms of Service, Privacy Policy, and Security Overview already describe how we handle your data, and that's usually all you need. Enterprise plans also have an SLA.
A DPA is helpful when your internal compliance, procurement, or legal team specifically wants a signed contract on file. Schools, districts, and larger Print Farm customers often fall in that bucket.
If your SimplyPrint account is managed by a partner, you don't need your own DPA - your partner's agreement with us covers you.
What's included in our DPA
Our standard DPA is a 17-page document covering:
- Purpose and scope - the processing is tied to your SimplyPrint subscription
- Documented instructions - we only process data on your instructions
- Mutual NDA (section 5A) - replaces the need for a separate confidentiality agreement, with a 5-year survival period
- Security measures - mirrors our public Security Overview
- Sub-processors - we maintain an authoritative list in our Privacy Policy; 15 days' notice on material changes
- International transfers - EU SCCs plus the UK Addendum where needed
- Breach notification - within 48 hours of becoming aware
- Audits and information - documented responses and third-party attestations
- Return and deletion - 30 days in active systems, 90 days in backups after termination
- Schools and minors (FERPA / COPPA) - school official role, no targeted ads
- Liability and governing law - Danish law; DPA does not expand Master Agreement liability
Who can sign?
The DPA can be signed by:
- The account owner, or
- A user with the Administrator rank on a School or Print Farm account
Any other user will not see the "Data & security" option in settings.
How to sign: three quick options
Option 1 - PDFescape (online, free, no account needed)
pdfescape.com is a free online PDF editor. You can drop text and a drawn signature directly onto the page.
- Download the unsigned DPA from your account settings
- Open pdfescape.com and upload the PDF
- Scroll to the Signatures section at the end of the document
- Use the Text tool to fill in company name, address, country, VAT/registration number, name, title, email, and date
- Use the Freehand tool to draw your signature in the signature field
- Click Save & Download to get your signed PDF
- Upload it in SimplyPrint
Option 2 - Adobe Acrobat Reader "Fill & Sign"
If you already have Adobe Acrobat Reader installed, open the DPA and use the Fill & Sign tool. It lets you type into fields and add a drawn or stored signature in one pass.
Option 3 - Microsoft Edge, Google Chrome, or macOS Preview
All three built-in PDF viewers let you:
- Type text into the page (Edge, Chrome, Preview)
- Free-draw a signature (all three - in Preview it's Markup → Sign)
Just open the downloaded PDF, fill in the fields in the Signatures section at the end, draw your signature, and save a copy.
Option 4 - print and scan (offline)
If you'd rather do it on paper:
- Print the PDF
- Fill in the signature page by hand
- Sign it
- Scan or take a clear photo, and convert it to a single PDF
- Upload that PDF in SimplyPrint
Fields to fill in
The Controller block in the Signatures section has these fields:
Field | Example |
|---|---|
Company name | Acme University |
Company address | 123 Main St, Springfield |
Company country | United States |
Name | Jane Doe |
Title | IT Director |
Date | (today's date) |
VAT / registration number | (where applicable) |
Signature | (drawn or handwritten) |
How to upload in SimplyPrint
- Go to Settings → Data & security
- Click Sign & upload
- Drop in your signed PDF
- Enter the signee's name and title
- Tick the legal confirmation checkbox
- Click Sign and upload DPA
You'll get an email receipt with the signed PDF attached, and your account will immediately show the signed status. SimplyPrint's legal team is also notified.
What if there's a new version?
From time to time we publish an updated DPA (for example, the latest clarification in section 12.3 about deletion notifications). When this happens:
- Your current DPA stays in effect
- You'll see an amber banner in the Data & security tab telling you a new version is available
- Click Sign updated DPA - the same quick flow - and the new version supersedes the old one
- The old row stays on file for audit
Revoking a DPA
If you need to withdraw the agreement (typically before signing a new one, or because of a change of circumstances):
- Go to Settings → Data & security
- Click Revoke on the signed DPA card
- Enter a short reason and confirm
The revocation is logged, SimplyPrint legal is notified by email, and you can sign a new DPA at any time afterwards. The original record is retained for audit.
"We sign a DPA provided by you"
If your organisation requires SimplyPrint to sign your own DPA template, we can do that. It involves legal review on our side and comes with a one-time fee starting at $400 USD (the exact amount depends on the complexity of the document and any back-and-forth required).
To start, email legal@simplyprint.io with your DPA attached. Once reviewed and countersigned, a SimplyPrint admin records it against your account and you'll see it in the Data & security tab just like the standard flow.
You cannot upload a customer-provided DPA yourself - this always goes through our team.
Managed / partner accounts
If your SimplyPrint account is managed by a partner (for example a reseller or district), your DPA may be handled through them. In that case:
- The Data & security tab shows "Handled via {your partner's name}"
- You cannot sign or revoke your own DPA - contact your partner for changes
- You can still download the partner DPA for your records
Frequently asked questions
How long is the DPA valid for?
It remains in effect for as long as you have an active SimplyPrint subscription. Per section 4.2, the term follows the Master Agreement. Confidentiality obligations (section 5A) survive 5 years after termination.
What happens if I downgrade my plan?
If you downgrade to a plan that doesn't include organisational data processing features (like going from Print Farm to Free), SimplyPrint stops processing personal data on your behalf under the DPA per section 4.3 of the agreement.
Is the signed DPA publicly accessible?
No. Signed copies are stored privately and served via short-lived signed URLs. Only users with the manage-DPA permission on your account can download it, plus SimplyPrint admins.
Where do I get the latest authoritative DPA?
The Data & security tab inside your SimplyPrint account always links to the current published version - click Download & sign DPA or Open DPA directly to grab it.
Can we get a custom DPA with our own terms?
Yes - email legal@simplyprint.io. Note the one-time review fee starting at $400 USD.
Related reading
Updated on: 14/04/2026
Thank you!