In the context of GDPR compliance, a data processing agreement (DPA) is a legally binding document to be entered into between the controller and the processor in writing or in electronic form. It regulates the particularities of data processing – such as its scope and purpose – as well as the relationship between the controller and the processor.
In the context of Matomo you have two options:
- When you use the official Matomo Analytics Cloud service a Data Processing Agreement is available and can be viewed here: matomo.cloud/dpa. You may agree to the DPA when you sign-up to the service, or later (in Matomo Administration > GDPR Overview page).
- When you self-host Matomo on your own servers, then you do not have a Data Processing Agreement available, but your data processors may offer a DPA and suggest steps for GDPR compliance. Learn more in our article: How to make Matomo GDPR compliant in 12 steps, and in our GDPR user guide.