Skip to main content

How do I get OpenRouter's Data Processing Agreement (DPA) for GDPR compliance?

Updated

Overview

OpenRouter's Data Processing Agreement (DPA) for GDPR compliance is available to enterprise-tier customers. Enterprise customers receive a mutually signed DPA through our Trust Portal at trust.openrouter.ai. Self-serve customers can request access to the Trust Portal to review the DPA for informational purposes, but the agreement only applies to enterprise accounts.

How to Access the DPA

  1. Visit the Trust Portal: Go to trust.openrouter.ai
  2. Request access: Submit a request for access to the legal and compliance documentation
  3. Wait for approval: You'll receive a notification when your access has been approved (this may take 1-2 business days)
  4. Review documents: Once approved, you can review the DPA and other security and privacy documentation. Enterprise customers will receive a mutually signed copy of the DPA

What's Included

The Trust Portal provides access to:

  • Data Processing Agreement (DPA) for GDPR Article 28 compliance
  • Security and privacy policies
  • Data handling procedures
  • Information about Standard Contractual Clauses (SCCs) for EU data transfers

Important Details

Enterprise Tier Required for Signed DPA

A mutually signed, enforceable DPA is available exclusively to enterprise-tier customers. If you're on a self-serve plan and need a signed DPA for your compliance requirements, please visit openrouter.ai/enterprise to learn about upgrading to an enterprise plan.

Self-serve customers can still request access to the Trust Portal to review the DPA and other compliance documentation for informational purposes.

Zero Data Retention Compatibility

If you're using OpenRouter's Zero Data Retention (ZDR) endpoints for enhanced privacy, the DPA covers this configuration. ZDR endpoints ensure that your prompts and responses aren't stored by OpenRouter or the underlying model providers.

Processing Time

Trust Portal access requests are processed by a dedicated team, not our general support staff. Approval typically takes 1-2 business days, and our support team cannot expedite these requests.

Common Issues

"I submitted a request but haven't heard back"

Trust Portal approvals are handled separately from general support tickets. You'll receive an email notification when your access is approved. If you haven't heard back after 3 business days, you can contact support for a status update.

"I need a signed DPA for a compliance review"

Signed DPAs are available to enterprise-tier customers. If you need a mutually executed DPA, please visit openrouter.ai/enterprise to learn about upgrading. We recommend reaching out well in advance of any compliance deadlines, as the enterprise onboarding process takes time.

"Do I need to sign the DPA separately?"

Enterprise customers will receive information about the DPA execution process through the Trust Portal. The DPA is a separate agreement from your standard service terms and requires mutual execution between OpenRouter and your organization.

Additional Compliance Resources

For comprehensive GDPR compliance when using OpenRouter:

  • Enable Zero Data Retention endpoints for sensitive data processing
  • Review our data deletion policies for activity logs in our Help Center
  • Consider your data residency requirements when selecting model providers
  • Document OpenRouter as a subprocessor in your own privacy policies

For technical implementation details, visit the OpenRouter documentation.

Related articles