Data Processing Agreement (DPA) request

Last updated:: 2026-04-22
Effective:: 2026-04-22

Request a signed DPA for enterprise + EU/UK engagements. Atlas Task Manager makes a Data Processing Agreement available to every customer that processes personal data through the Service, on request and at no additional cost.

1. Overview

A Data Processing Agreement (DPA) is the written contract required by Article 28 of the EU General Data Protection Regulation (GDPR) and the equivalent provisions of the UK GDPR between a controller (you, the customer) and a processor (us, KhanX Labs Private Limited, operating the Atlas Task Manager Service).

Our standard DPA incorporates the European Commission Standard Contractual Clauses (SCCs, 2021/914) and the UK Information Commissioner’s International Data Transfer Addendum (IDTA) so that personal data can lawfully be transferred from the EEA or the UK to jurisdictions that have not received an adequacy decision.

2. When a DPA is required

You should request a signed DPA if any of the following apply:

You are a controller of personal data subject to the GDPR, UK GDPR, Swiss FADP, or the Brazilian LGPD, and you use the Service to process that personal data.
You offer the Service to data subjects located in the European Economic Area, the United Kingdom, or Switzerland, and Atlas Task Managerprocesses that data on your behalf.
Your information-security policy or your enterprise procurement process requires a written Article 28 processing agreement with every sub-processor in your supply chain.
You intend to rely on the Service to process special-category data (as defined in GDPR Article 9) or children’s personal data, and need documented safeguards and records of processing.

Individual consumers and free-tier users are covered by our Privacy Policy and do not generally need a separate DPA; the Privacy Policy describes the lawful bases, categories of personal data, and retention we apply.

3. What we need from you

To prepare a DPA for countersignature, please provide the following:

Company legal name exactly as it should appear on the contract (including registered form - e.g. “Pvt. Ltd.”, “GmbH”, “Inc.”).
Registered address and, if different, the mailing address used for notices under the DPA.
Primary contact for data protection - typically your Data Protection Officer (DPO) or the equivalent privacy contact, including name and email.
Signatory - the name, title, and email address of the person authorised to execute the DPA on behalf of your organisation.
Workspace or account identifier on the Service (your Atlas workspace slug or the email address of the workspace owner) so we can associate the DPA with the correct account.
Special requirements (optional) - e.g. a specific hosting region, additional security attestations, sector-specific clauses (HIPAA BAA, financial-services addenda), or a redline of our standard form.

4. What you receive

Your countersigned DPA bundle includes:

The executed Data Processing Agreement, aligned with GDPR Art. 28 and UK GDPR Art. 28.
The European Commission Standard Contractual Clauses, module 2 (controller-to-processor), module 3 (processor-to-processor), or a combination as applicable.
The UK International Data Transfer Addendum (IDTA) for transfers originating from the United Kingdom.
Annex I (parties), Annex II (technical and organisational measures), and Annex III (approved sub-processors), pre-populated from our current sub-processor list.
A reference to this page for the ongoing sub-processor change notification URL.

5. Turnaround

Our target turnaround is five (5) business days or less from receipt of a complete request to a countersigned DPA returned by email. Redlines or custom terms may extend this window; we will acknowledge receipt within one business day and confirm the expected return date.

6. How to request

Email legal@wrxstack.com with the details listed in section 3. Please use the subject line “DPA request - <your company name>” so the request is routed promptly.

For data-protection-specific questions that should reach our DPO, copy dpo@khanxlabs.com.

1. Overview

2. When a DPA is required

You should request a signed DPA if any of the following apply:

You are a controller of personal data subject to the GDPR, UK GDPR, Swiss FADP, or the Brazilian LGPD, and you use the Service to process that personal data.
You offer the Service to data subjects located in the European Economic Area, the United Kingdom, or Switzerland, and Atlas Task Managerprocesses that data on your behalf.
Your information-security policy or your enterprise procurement process requires a written Article 28 processing agreement with every sub-processor in your supply chain.
You intend to rely on the Service to process special-category data (as defined in GDPR Article 9) or children’s personal data, and need documented safeguards and records of processing.

3. What we need from you

To prepare a DPA for countersignature, please provide the following:

Company legal name exactly as it should appear on the contract (including registered form - e.g. “Pvt. Ltd.”, “GmbH”, “Inc.”).
Registered address and, if different, the mailing address used for notices under the DPA.
Primary contact for data protection - typically your Data Protection Officer (DPO) or the equivalent privacy contact, including name and email.
Signatory - the name, title, and email address of the person authorised to execute the DPA on behalf of your organisation.
Workspace or account identifier on the Service (your Atlas workspace slug or the email address of the workspace owner) so we can associate the DPA with the correct account.
Special requirements (optional) - e.g. a specific hosting region, additional security attestations, sector-specific clauses (HIPAA BAA, financial-services addenda), or a redline of our standard form.

4. What you receive

Your countersigned DPA bundle includes:

The executed Data Processing Agreement, aligned with GDPR Art. 28 and UK GDPR Art. 28.
The European Commission Standard Contractual Clauses, module 2 (controller-to-processor), module 3 (processor-to-processor), or a combination as applicable.
The UK International Data Transfer Addendum (IDTA) for transfers originating from the United Kingdom.
Annex I (parties), Annex II (technical and organisational measures), and Annex III (approved sub-processors), pre-populated from our current sub-processor list.
A reference to this page for the ongoing sub-processor change notification URL.

1. Overview

2. When a DPA is required

3. What we need from you

4. What you receive

5. Turnaround

6. How to request

7. Related resources

1. Overview

2. When a DPA is required

3. What we need from you

4. What you receive

5. Turnaround

6. How to request

7. Related resources