DPA · 2026

Data Processing Agreement.

For enterprise customers — employers, verifiers, and platforms integrating with Carry — a formal Data Processing Agreement is being prepared ahead of our public launch.

The DPA will cover:

· Roles and responsibilities under UK GDPR (controller / processor / joint-controller scenarios)
· Scope of processing, retention periods, and deletion rights
· Sub-processor list and notification mechanism
· International transfer mechanisms (SCCs, UK IDTA)
· Security measures, breach notification, and audit rights
· DIATF alignment, where applicable to your use case

A draft is available now for any organisation considering early integration. Request it: dpa@getcarry.co.uk.

Carry's architecture is being designed so that the bulk of personal data resides in worker-held wallets rather than Carry's infrastructure — which simplifies the DPA materially for most customer scenarios. We will explain that in detail in the negotiated agreement.

DRAFT · AVAILABLE ON REQUEST