Subprocessor DPA for GDPR compliance

We are building an app that will be used worldwide, including Europe. To comply with GDPR, we require our European customers to sign a document which governs how we use their data and what processors we forward their data to.

Since we will be using Expo to send push notifications, Expo is becoming a data subprocessor for us. We are required to obtain a signed DPA from all of our subprocessors. All of our other subprocessors (AWS, Google, etc) have a process to obtain this signed DPA. Anyone know how I can obtain a signed subprocessor DPA from Expo?

I’ve read through Apps made with Expo and GDPR compliance which is very helpful explaining how data is used, but it doesn’t say how to get a signed subprocessor DPA.

Thanks for your help.

Hey @lehresman!

Can you send an email to secure@expo.io? I can respond and send you our DPA from there

Thanks!