VentureScopelegal@venturescope.ai

Data Processing Agreement

Available for Angel, Pro, and Enterprise plans

A Data Processing Agreement (DPA) is a legally binding contract between you (the data controller) and VentureScope (the data processor) that governs how we handle personal data on your behalf. It's required under GDPR and expected by institutional LPs and compliance teams at established VC funds.

Who typically needs a DPA?

  • Institutional venture capital firms whose legal or compliance team requires signed DPAs before uploading deal materials to third-party platforms.
  • EU / GDPR-regulated entities processing personal data of founders or portfolio company employees.
  • Family offices or funds with LPs who mandate data governance documentation as part of fund operations.

What Our DPA Covers

VentureScope's standard DPA formalizes the following commitments:

Processing only for service delivery

Your data is processed solely to provide VentureScope services to your organization. We do not sell, license, or otherwise commercialize your deal data or the outputs generated from it.

Named subprocessors

The DPA lists all subprocessors who may access your data (Anthropic, Supabase, Vercel, Stripe, Sentry, PostHog, Resend) and commits us to notifying you of any changes before onboarding new subprocessors.

Deletion on termination

Upon termination of your subscription or written request, all personal data you have uploaded is deleted from our systems and our subprocessors' systems within 30 days, with written confirmation provided.

Breach notification

In the event of a security breach affecting your personal data, we will notify you within 72 hours of becoming aware, including the nature of the breach, categories of data affected, and steps being taken.

Data portability

You may request an export of all personal data we hold about your organization at any time. We will provide it in a machine-readable format within 30 days of the request.

Technical and organizational measures

The DPA documents our security measures including TLS encryption in transit, AES-256 encryption at rest, Row Level Security, access controls, and our subprocessors' certifications (SOC 2, PCI DSS).

GDPR & International Transfers

VentureScope is operated by C12, LLC, a US company. Data is processed on US infrastructure. For customers subject to GDPR who transfer personal data from the EU/EEA to the US, our DPA incorporates the European Commission's Standard Contractual Clauses (SCCs, 2021 version) as the legal mechanism for international data transfers.

If you require SCCs as part of your DPA, please note this in your request and we will include the applicable module in the executed agreement.

How to Request a DPA

To request a signed DPA for your organization, email legal@venturescope.ai with:

  • Your organization name and VentureScope account email
  • Contact name and email for the signatory on your end
  • Whether you require Standard Contractual Clauses (EU transfers)
  • Any specific compliance requirements or amendments you need

We typically respond within 2 business days. For Enterprise plan customers, we can also accommodate review of a customer-provided DPA template.

Ready to request a DPA?

Send your request to our legal team. We aim to respond within 2 business days.

Request DPA via Email

Plan Availability

PlanStandard DPACustom DPA / SCC
FreeNot availableNot available
Angel✓ AvailableContact us
Pro✓ Available✓ Available
Enterprise✓ Available✓ Customer template review
← Back to home
SecurityPrivacy Policy