Data Processing Agreement (Template)
MatterPilot — operated by Document Scan Ltd. Template version last reviewed: 9 July 2026.
Template for review — not yet a contract. This document is MatterPilot's template Data Processing Agreement, published so that firms can review our processing terms during due diligence. It is not legal advice and should not be signed as-is: bracketed details must be completed, and both parties should have the final version reviewed by a solicitor before signing.
Parties
This Data Processing Agreement (the “DPA”) is made between:
- Document Scan Ltd (trading as MatterPilot), a company registered in England and Wales with company number [Company number], whose registered office is at [Registered office] (the “Processor”); and
- [Customer firm name], [a partnership / an LLP / a company] whose [registered office / principal place of business] is at [Customer address] (the “Controller”).
It supplements the agreement under which the Processor provides the MatterPilot platform to the Controller (the “Services Agreement”) and applies for as long as the Processor processes personal data on the Controller's behalf.
1. Definitions
“UK GDPR”, “controller”, “processor”, “data subject”, “personal data”, “personal data breach” and “processing” have the meanings given in the UK General Data Protection Regulation and the Data Protection Act 2018 (together, “Data Protection Law”).
2. Subject matter, nature and purpose of processing
The Processor provides a legal productivity platform which transcribes, analyses, organises and stores material submitted by the Controller's users — dictation audio, meeting and call recordings, documents and related records — and generates draft outputs (transcripts, notes, summaries, actions and draft correspondence) for the Controller's review. Processing consists of hosting, storage, transcription, AI-assisted text analysis and generation, backup and deletion, as described in the Services Agreement and the Processor's published Data Protection & Security Overview.
3. Duration
Processing continues for the term of the Services Agreement, plus the period reasonably needed to return or delete personal data under clause 10.
4. Categories of data subjects and personal data
- Data subjects: the Controller's partners and staff; the Controller's clients; and third parties whose details appear in the Controller's matters and communications (for example opposing parties, witnesses, executors and beneficiaries).
- Personal data: names and contact details; account and usage records; the contents of recordings, transcripts, documents and notes submitted to or generated by the platform, which may include any category of personal data the Controller's matters contain — including, where the Controller's work involves it, special category and criminal offence data.
5. Controller instructions
The Processor shall process personal data only on the Controller's documented instructions, including as to transfers, unless required to process by law (in which case the Processor shall inform the Controller before processing, unless the law prohibits it). The Services Agreement, this DPA and the Controller's use of the platform's controls constitute the Controller's complete instructions. The Processor shall inform the Controller if, in its opinion, an instruction infringes Data Protection Law.
6. Confidentiality
The Processor shall ensure that all persons it authorises to process personal data are bound by contractual or statutory obligations of confidentiality.
7. Security
Taking into account the state of the art and the nature of the data, the Processor shall implement and maintain appropriate technical and organisational measures, including those summarised in Annex A, and shall not materially reduce the overall protection they provide during the term.
8. Sub-processing
- The Controller gives general written authorisation for the sub-processors in the Processor's published Sub-processor List as at the date of this DPA.
- The Processor shall give the Controller at least [30] days' written notice before adding or replacing a sub-processor. The Controller may object on reasonable data-protection grounds; if the parties cannot resolve the objection, the Controller may terminate the affected services.
- The Processor shall impose data protection obligations on each sub-processor materially equivalent to those in this DPA and remains liable for its sub-processors' performance.
9. Assistance
- The Processor shall, taking into account the nature of the processing, assist the Controller by appropriate technical and organisational measures in responding to data subject rights requests under Data Protection Law.
- The Processor shall assist the Controller in meeting its obligations regarding security, breach notification, data protection impact assessments and prior consultation, taking into account the information available to the Processor.
10. Return and deletion
On termination or expiry of the Services Agreement, the Processor shall, at the Controller's choice, return or delete the personal data it processes on the Controller's behalf, and delete existing copies unless storage is required by law. Deletion from backups occurs in the ordinary course of the backup cycle.
11. Personal data breach
The Processor shall notify the Controller without undue delay after becoming aware of a personal data breach affecting the Controller's personal data, and shall provide information reasonably required for the Controller to meet its own notification obligations, updated as it becomes available.
12. Audit and information
The Processor shall make available to the Controller information reasonably necessary to demonstrate compliance with this DPA — including its published security documentation and completed due-diligence questionnaires — and shall allow for and contribute to audits, including inspections, conducted by the Controller or its mandated auditor, on reasonable notice and no more than [once] in any 12-month period unless a personal data breach or supervisory authority requires otherwise.
13. International transfers
The Processor processes and stores personal data in the United Kingdom (Microsoft Azure UK regions) and shall not transfer personal data outside the UK without ensuring a lawful transfer mechanism under Data Protection Law is in place.
14. General
This DPA is governed by the law of England and Wales. If it conflicts with the Services Agreement on data protection matters, this DPA prevails. Liability under this DPA is subject to the limitations in the Services Agreement, [save as the parties agree otherwise].
Annex A — Technical and organisational measures (summary)
- Hosting on Microsoft Azure in the United Kingdom; encryption in transit (TLS) and at rest (Azure service encryption).
- Firm-level tenant separation enforced in the data layer on every read and write.
- Administrator-created accounts only (no self-registration); role-based access control; per-user module permissions; seat-based sign-in; multi-factor authentication available with administrator-managed reset.
- AI processing via Azure-hosted services under enterprise terms; no use of the Controller's data to train public AI models; in-process document processing.
- Platform-wide audit logging of significant actions; configuration secrets held in managed secret stores.
- Workflow-appropriate retention controls, including per-firm call-recording retention policies, expiring and revocable client file-sharing links, and controlled closed-file destruction.
Annex B — Sub-processors
The Processor's current sub-processors are set out in the published Sub-processor List at matterpilot.ai, which forms part of this DPA as at the date of signature.
Signatures
| For the Processor | For the Controller | |
|---|---|---|
| Name | [Name] | [Name] |
| Position | [Position] | [Position] |
| Signature | ||
| Date |
Template published by MatterPilot (matterpilot.ai). Complete the bracketed details and obtain legal review before signature.
This document is also available as a PDF download for your firm's due-diligence records — the page and the PDF are generated from the same source.