Last updated: 2 March 2026
This DPA describes data processing terms for business customers and partners. Depending on the workflow, Titledeep may act as a processor on behalf of a controller, or parties may act as independent controllers.
Processing is limited to documented instructions and defined purposes. The DPA sets out categories of data, duration, and security commitments.
Titledeep maintains technical and organisational security measures including encryption, access controls, and security logging. Additional security materials may be provided under confidentiality for enterprise partners.
Titledeep uses sub-processors to operate the service. The DPA defines conditions for sub-processor use, publication of a sub-processor list, and notification of material changes.
Where transfers occur outside the UAE, Titledeep applies transfer safeguards consistent with UAE Federal Data Protection Law, including contractual protections where required and transfers only to jurisdictions meeting applicable adequacy standards.
Titledeep supports controllers in handling rights requests and provides reasonable assistance as required under applicable law.
Titledeep notifies business customers of relevant personal data breaches in accordance with the DPA's notification provisions and applicable law.
Audit rights are risk-based and documentation-first, with reasonable notice and scope limitations to protect confidentiality and security.
To request a signed DPA or sub-processor list, write to us at connect@titledeep.com.