Data Processing Agreement

DPA Request Process

Last updated May 20, 2026

A Data Processing Agreement (DPA) is a legally binding contract between a data controller (you or your organisation) and a data processor (Yokly) that governs how personal data is handled on your behalf. DPAs are required under the EU General Data Protection Regulation (GDPR), UK GDPR, and similar frameworks where Yokly processes personal data in the course of delivering its services.

This page explains who needs a DPA, what to include in your request, and how to contact our legal team to initiate one.

WHO NEEDS A DPA?

You should request a DPA with Yokly if any of the following apply to your organisation:

  • You are subject to the EU GDPR or UK GDPR (you are based in or serve customers in the European Economic Area or United Kingdom).
  • Your engagement with Yokly involves our team accessing, processing, or handling personal data on your behalf — for example, customer records, employee data, financial data, or healthcare-adjacent information.
  • Your internal compliance programme, legal counsel, or data protection officer requires a DPA with all third-party processors.
  • You operate in a regulated industry (healthcare, finance, legal services, education) and have contractual or regulatory requirements for data processor agreements.
  • Your procurement process requires a signed DPA before engagement can begin.

If you are unsure whether a DPA applies to your situation, contact us at legal@yokly.gives and we will advise you.

WHAT YOKLY’S DPA COVERS

Our standard DPA addresses the following areas in compliance with GDPR Article 28:

  • Subject matter and duration — the nature and purpose of the processing and the term of the agreement.
  • Nature and purpose of processing — what Yokly does with your data and why.
  • Type of personal data — the categories of data involved (e.g. contact information, financial records, health-adjacent data).
  • Categories of data subjects — whose data is being processed (e.g. your customers, employees, end users).
  • Processor obligations — Yokly’s obligations including confidentiality, security measures, sub-processor management, breach notification, and assistance with data subject rights.
  • Sub-processors — disclosure of third-party services Yokly uses that may process your data (e.g. Google Cloud, Firebase).
  • International transfers — applicable Standard Contractual Clauses (SCCs) or other transfer mechanisms where data moves outside the EEA/UK.
  • Return and deletion — how data is returned or securely deleted at the end of the agreement.

HOW TO REQUEST A DPA

Send your DPA request to legal@yokly.gives with the subject line: DPA Request — [Your Company Name].

Include the following in your request

  1. Company name and registered address — as it should appear in the agreement.
  2. Applicable regulation(s) — e.g. EU GDPR, UK GDPR, CCPA, HIPAA (where applicable).
  3. Description of the processing — a brief summary of what personal data Yokly will process on your behalf and for what purpose.
  4. Categories of data and data subjects — what types of personal data are involved and whose data it is.
  5. Your DPA template (optional) — if your organisation uses a specific DPA template, attach it. We will review and respond with any amendments required.
  6. Legal/compliance contact — name, email, and title of the person responsible for executing the DPA on your side.
  7. Target execution date — if you have a deadline, please state it so we can prioritise accordingly.

RESPONSE TIMELINE

We aim to acknowledge all DPA requests within 1 business day and return a completed or commented draft within 5–7 business days of receiving a complete request.

Complex requests — including those involving non-standard templates, regulated data categories (L3 data, HIPAA-adjacent), or international transfer mechanisms — may require additional review time. We will communicate any delays proactively.

EXISTING CLIENTS

If you are an existing Yokly client and require a DPA to be added to your current service agreement, please reach out through your Customer Success Manager or directly to legal@yokly.gives referencing your account name. We can typically append a DPA to an existing engagement without service disruption.

SUB-PROCESSORS

Yokly uses a limited set of sub-processors to deliver its services. Key sub-processors include:

  • Google Cloud Platform / Firebase — application hosting, database, and media storage (United States)
  • Google Analytics / Firebase Analytics — site performance analytics (United States)
  • GoHighLevel (GHL) — CRM, lead management, and booking (United States)
  • Sentry — error monitoring and diagnostics (United States)
  • PostgreSQL (VPS) — CMS database (United States/Philippines depending on hosting arrangement)

Our full sub-processor list, including applicable transfer mechanisms, will be included in the DPA. We notify clients of material sub-processor changes and provide an opportunity to object.

CONTACT

All DPA requests and legal data enquiries should be directed to our legal team:

Yokly Legal Team

Jireh Ventures, Inc. (dba Yokly)

161 Fashion Lane Ste 101

Tustin, CA 92780

United States

legal@yokly.gives

For privacy and data subject rights requests (separate from DPA requests), contact privacy@yokly.gives.

Ready to request a DPA?

Email our legal team with your company details and processing scope. We’ll respond within one business day.

Email legal@yokly.gives