Data Processing Agreement

Simple Analytics is designed to operate without processing personal data. As a result, a Data Processing Agreement is not required in most cases.

When a DPA is required

Under GDPR, a Data Processing Agreement is required when a processor handles personal data on behalf of a controller.

Simple Analytics does not process personal data.

Because of this, a DPA is not required when using Simple Analytics. This is due to the absence of personal data processing.

Learn more about GDPR compliance →

Our approach

Simple Analytics avoids collecting personal data entirely. This removes the need for many legal and contractual obligations typically associated with analytics tools.

  • No personal data is processed
  • No user identifiers or tracking technologies are used
  • No data is linked to individuals
  • Data is used only to provide aggregated analytics

Learn more about our data collection →

For organizations that require a DPA

We understand that some organizations require a DPA as part of their procurement process.

We support this and will review and sign customer-provided agreements, provided they align with how the service operates.

  • A DPA is not required due to the absence of personal data
  • We can review and sign customer-provided DPAs
  • Agreements must align with our privacy-first architecture

We aim to keep agreements aligned with how the service operates.

View our security practices →

Scope of data

Simple Analytics processes only a limited set of non-personal metrics required to provide website analytics. All data is processed within the EU by our subprocessors.

  • Page URL
  • Referrer
  • UTM parameters
  • Time zone
  • Device and browser type

These metrics are not linked to individuals and cannot be used to identify users.

See our subprocessors →

Related pages

SecurityGDPR ComplianceData CollectionSubprocessorsPrivacy Policy

For DPA requests or compliance questions:

Open contact form