What's included
Roles (controller / processor), processing details, sub-processor list, technical and organisational measures, breach notification, audit rights, and international transfer clauses (SCCs + UK IDTA).
Data Processing Addendum
Standard DPA. Sign-ready.
The SimuPhish DPA covers GDPR, UK GDPR, CCPA/CPRA, UAE PDPL, Saudi PDPL, and the EU Standard Contractual Clauses. Drafts are available on request and reviewed inside one business day.
Sub-processors
Listed in Annex B of the DPA. We update the list 30 days before any change. Any sub-processor objection is honoured under the DPA terms.
Audit rights
Annual SOC 2 Type 2 and ISO 27001 reports satisfy customer audit rights. On-site or third-party audits are available under reasonable terms with mutual NDA.
Request a copy
Email contact@simuphish.com with your legal entity name and jurisdiction. We send a sign-ready PDF within one business day.
Questions? Email contact@simuphish.com. The SimuPhish trust team replies within one business day.
Ready when you are
The phishing defense your team will actually use.
Two minutes to a quote. One business day to a real reply. No drip sequences. No per-seat list.
