Home › Glossary › DPA (Data Processing Agreement)

Last updated: 2026-04-18

What is DPA (Data Processing Agreement)?

A contract between a customer and an AI vendor governing how the vendor processes customer data — what's collected, where it's stored, who can access it, retention policies, sub-processors, and breach notification. Required by GDPR for any EU customer; commonly required by US enterprise procurement too. ChatGPT Enterprise and Claude Cowork Enterprise both offer custom DPAs; Plus and Pro tiers do not. HIPAA-regulated organizations also need a BAA on top of the DPA.

See also

• /chatgpt/teams/
• /claude-cowork/pricing/
• /security/

← Back to the full AI agent glossary.