Data Processing Agreement
GDPR Article 28 DPA for customers processing personal data via Blaast.
This DPA forms part of the Terms of Service where Blaast acts as a processor on your behalf.
1. Roles
You are the controller; Blaast SAS is the processor. Blaast processes personal data only on documented instructions.
2. Security measures
- EU-only data residency (OVHcloud, France).
- Encryption in transit (TLS 1.3) and at rest.
- Access controls, audit logging, least privilege.
- ISO 27001-mapped controls; SOC 2 Type II in audit (Q3 2026).
3. Subprocessors
Authorised subprocessors are listed and version-tracked on the Security page. We notify you of changes 30 days in advance.
4. Data subject requests
Blaast assists you in fulfilling access/erasure/portability requests within the timelines GDPR requires.
5. Breach notification
Blaast notifies you without undue delay and within 48 hours of becoming aware of a personal data breach.
6. Sign
Request a countersigned copy from the legal contact.