Data Processing Agreement for GDPR compliance


If I want to use infinity for more than test data, I need a data processing agreement to be GDPR compliant. (When) Do you plan to offer such an agreement?



Hey @micck,

I’ve just created a question ticket for our CTO (who’s also expert in Security stuff), so I hope both you and I are gonna get an answer today/tomorrow. :slight_smile:

Talk to you soon!



Thank you @coa ,
Are there any news to this by now?



Hey @micck! So sorry for not getting back to you earlier.

The thing is we have dedicated Terms of Service + Privacy Policy pages which you can find of a good use.

Regarding the GDPR agreement: We’re offering the maximum support for all countries and regions right now, but to be fully GDPR compliant, we’ll need some more time.

If you’re skeptic about the data you’re inserting in our tool, let’s schedule a call with our CEO and Security Chief so we can cover everything you’re worrying about. :slight_smile:



Hey @coa ,
it´s not that I´m worried about anything or that I don´t trust the security and confidentiality of your company. It´s simply the regulation that obliges me to have such an agreement - at least as far as I know. Otherwise I´m not allowed to use your service for personal data of my clients.
I´ll check with my lawyer if your ToS and Privacy Policy are sufficient. This may take some time, but I will let you know. And maybe I can provide a template to you.

1 Like


Sounds good, @micck :slight_smile:

Thanks for your understanding!



Hey @coa ,
I had a meeting with my lawyer recently and he told me I definitely need a written and signed agreement to be GDPR compliant. He gave me a template I should share with you, so that we can make one up in case you don´t already provide one.
Can I schedule a call with the person responsible at infinity so we can work that out?

1 Like


Hey @micck!

Thank you for contacting your lawyer to check the details.

We’d love to work this out.

Make sure to ping Boka at Intercom Live Chat. She’ll work out it out with the CEO and tell you the next steps.



Thank you coa, I just did so.

1 Like


Hey @coa! Are there any updates for the DPA from your legal team?



I would also like an update on this. In Europe we are not able to use software for people’s data without a DPA. I am holding off on using Infinity for any client related work until this is resolved, otherwise I’m breaking the law and risk a huge fine. Please, this needs to be a priority.

1 Like


Hello! I’m in the same place as @suzebutch regarding a DPA to be GDPR compliant. I’m still testing the software at this stage, but before I can take it live with the entire team I need the certainty of an agreement. As already mentioned, the potential for fines is significant!

1 Like


@suzebutch & @OldFreidog
@coa sent me a direct message regarding DPA progress about a month ago. Right then their plan was to focus on the GDPR in January, but I suppose it might be delayed as other things/new-functions like Gantt View have also been delayed.
But I´m confidently hoping they will fix this legal hole in the next few months and I can use Infinity infinitly also for all my client data :wink:



Thanks, @micck!

Everything’s correct here.

We’ll make sure to focus 100% on that in the very near future.



@coa i just want to add my interest in this topic here. I just started exploring this tool and would like to use it in my company in the near future but the gdpr issue is unfortunately a real blocking one du to the laws in europe. I would be glad if you could solve this very soon :slight_smile:



Any progress here? I just read a review on another saas without a dpa. It says:

Regarding the DPA: In Article 28 is mentioned, that everyone who is processing personal data of our clients (IP, mailaddress) needs a contract with the controller of the data. Any data processing without a contract is illegal! Right… ILLEGAL! If the authorities ask for a DPA and you can’t present one, it will cost you approx 5.000,- EUR in the first instance. In addition, the owner of the personal data can sue us and also YOU!

In order to be GDPR compliant, you be compliant with Article 28 (processor):

Example structure of an DPA:

The best resource of how to build your DPA:

1 Like


Hey @micck, @alex,

We’re still figuring the contract part out with our legal team. We’ll get back to you when we have more info.

Sorry for all the waiting!

1 Like


Great to read that you’re on it! :grinning::+1:

1 Like


Are there any news regarding a DPA?

1 Like


@stefan: Can you give me an update regarding a DPA?

1 Like