GDPR DPA Review · Local

Review a DPA against GDPR. The document never leaves your machine.

For privacy professionals who can’t paste a client’s Data Processing Agreement into a cloud tool. Check a DPA against the clauses GDPR expects — get a present / missing / risky report, built to never falsely say a protective clause is there. Runs on your own machine. MSA and NDA playbooks included.

  • Runs on your machine
  • On-device inference
  • Signed, exportable report
  • Not legal advice
vendor-msa.pdf · MSA playbook
preview
  • Limitation of liabilityPresent

    Cap found at 12 months of fees.

  • Mutual indemnificationMissing

    No indemnity language located.

  • Data processing termsRisky

    Present, but no sub-processor list.

  • Termination for conveniencePresent

    30-day notice clause found.

  • Governing lawPresent

    Specified — Ireland.

Signed for integrity · verifiable offline · illustrative example, not legal advice

The problem

You sign vendor contracts without a lawyer — and miss the clauses that protect you.

Founders and ops teams sign MSAs, DPAs and NDAs every month. A liability cap, an indemnity, a data-processing term quietly goes missing. Sending a confidential contract to a cloud legal-AI to catch it is a non-starter. So it never gets checked.

Free · nothing leaves this page

Does your DPA cover the 10 clauses GDPR expects?

Answer 10 quick questions about your Data Processing Agreement. Your answers are checked here in your browser — no upload, no document, no account. We deliberately never take your DPA on the web.

0 / 10 answered
  1. Does the DPA name each party as controller or processor and describe the subject matter, nature and purpose of the processing?

  2. Does the DPA limit the processor to acting only on the controller's documented instructions?

  3. Does the DPA require everyone authorized to process the data to be under a duty of confidentiality?

  4. Does the DPA commit the processor to appropriate technical and organizational security measures (e.g. encryption, access control)?

  5. Does the DPA require prior authorization for subprocessors and flow the same obligations down to them?

  6. Does the DPA require the processor to help you respond to data-subject requests (access, erasure, and so on)?

  7. Does the DPA require the processor to notify you of a personal-data breach without undue delay?

  8. Does the DPA require the processor to return or delete the personal data when the engagement ends?

  9. Does the DPA let you audit or inspect the processor, and require it to show information demonstrating compliance?

  10. Does the DPA restrict transfers of personal data abroad to a lawful mechanism (e.g. standard contractual clauses)?

How it works

One contract in. A clause-by-clause report out. Nothing leaves your machine.

01

Drop in one contract

Point the desktop app at a single MSA, DPA or NDA. The file is parsed and analyzed on your machine — there is no upload.

02

Pick a clause playbook

Choose a required-clause checklist — the protective terms a good contract of that type should contain.

03

Read the present / missing / risky report

Every required clause is marked present, risky, or missing, with the matching snippet. It is built to never falsely mark a clause present.

04

Export a signed report

Export a tamper-evident report, cryptographically signed for integrity so anyone can verify it was computed and left unaltered.

What it checks

Playbooks for the contracts you actually sign.

A playbook is the checklist of protective clauses a good contract of that type should contain. Three ship at launch.

DPAData Processing Agreement
  • Controller / processor roles
  • Sub-processor flow-down
  • Breach notification
  • Return / deletion of data
MSAMaster Service Agreement
  • Limitation of liability
  • Indemnification
  • Termination rights
  • Warranties & SLAs
NDANon-Disclosure Agreement
  • Definition of confidential info
  • Term & survival
  • Permitted disclosures
  • Return of materials

Straight about what it is

We claim exactly what it does — no more.

On-device, by design

The contract is parsed and analyzed on your own machine. There is no web upload endpoint and no cloud model — your contracts never leave your machine.

Signed for integrity, not for approval

The exported report is cryptographically signed so anyone can verify it was computed and left unaltered. That is an integrity check — not a statement that the contract is safe or enforceable.

Not legal advice

This is a clause-presence review, not a legal opinion and not an attestation. It flags what to look at; a lawyer decides what it means.

Pricing

One tool. One price.

€79/mo

Per seat. Cancel anytime.

  • Review one contract against a playbook
  • MSA, DPA and NDA playbooks
  • Present / missing / risky per clause, with snippets
  • Fail-safe verdict — never a false “present”
  • Signed, exportable report (JSON / HTML)
  • Runs entirely on your machine — on-device inference
Buy now — €79/mo

Secure checkout via Stripe. Your license key and download link are emailed automatically. Cancel anytime — or request early access instead.

Questions

The honest FAQ.

No. Clause Review is a desktop app. The contract is parsed and analyzed on your own machine using on-device inference — there is no web upload and no cloud model call.

Not ready to buy?

Want it? Tell us.

Clause Review is live at €79/mo. Not ready to check out? Leave your email and tell us honestly whether you’d pay — that signal shapes what we build next.

Would you pay €79/mo? (optional, be honest)

No spam. We’ll only email you about Clause Review, and you can opt out anytime.