Data Processing Agreement

How we contract to protect the regulated data we process on your behalf.

Dove Direct acts as a data processor and, for healthcare clients, a business associate. When we handle data subject to regulation — HIPAA, GLBA, FCRA, or IRS Pub 1075 — we execute a Data Processing Agreement (DPA), and a HIPAA Business Associate Agreement (BAA) where applicable, as part of the engagement.

Our DPA is provided to clients on request and reviewed with your legal and security teams before signature.

What our DPA covers

  • Scope, nature, and purpose of processing, and the types of data involved
  • Confidentiality and least-privilege access obligations
  • Security measures aligned with the NIST Cybersecurity Framework 2.0
  • Subprocessor management and disclosure
  • Data handling, retention, secure return, and destruction
  • Incident and breach-notification commitments

Request the DPA or a BAA

Reach out and our team will share the current agreement and walk your stakeholders through it.

Request via contact formVisit the Trust Center