Data Processing Agreement — CCPA Service Provider Template (US)

Mandatory when working with any service provider who accesses personal data — accountants, IT companies, marketing agencies, hosting providers. Fillable Word template with dual signature page.

Covers:

- CCPA "Service Provider" designation (Cal. Civ. Code § 1798.140(ag))

- No sale or sharing obligation — cross-context behavioural advertising prohibited

- Security measures — encryption, MFA, backup, incident response, training

- Sub-processor management with prior written approval requirement

- Breach notification — 72hr to Business → state AG notification chain

- California Civil Code § 1798.82 breach obligations

- Data return and deletion within 30 days of termination

- AAA/JAMS arbitration clause — individual basis only

Aligned with CCPA/CPRA, Colorado CPA, Connecticut CTDPA, Virginia VCDPA and Texas TDPSA.

Delivered as .docx (Microsoft Word) — fully editable and adaptable.