Legal documents
Every agreement, policy, and compliance document in one place. For the full compliance posture — audit chain, PHI controls, framework attestations — see the Trust Center.
Policies
Terms of Service
The rules governing use of the HASP platform, including acceptable use, subscription terms, data handling, and liability.
View Terms of Service →Privacy Policy
How HASP collects, uses, and protects your data — including cookies, sub-processors, PHI handling, and your rights under GDPR and CCPA.
View Privacy Policy →Compliance agreements
Templates for the DPA, BAA, MNDA, and Cloud Service Agreement are published below. Each is countersigned per customer through HASP — contact [email protected] with any questions.
Data Processing Agreement (DPA)
Governs how HASP processes personal data on your behalf as a data processor. Satisfies GDPR Article 28 and CCPA service provider requirements. Includes our full sub-processor list with 30-day advance notice of changes.
View DPA →Business Associate Agreement (BAA)
Required before sending Protected Health Information (PHI) through HASP. The template is published for pre-signup review; the binding BAA is countersigned in-product the moment your organization signs up on any paid tier. Free Evaluation does not include a signed BAA.
View BAA →Mutual Non-Disclosure Agreement (MNDA)
Mutual non-disclosure agreement for pre-sales, security review, and evaluation conversations. Countersigned in-product when you request one — or by email if you need it before signup.
View MNDA →Cloud Service Agreement (CSA)
The master agreement governing every paid HASP subscription. Incorporated by the per-deal Order Form; covers service commitments, payment terms, termination, and data provisions.
View CSA →Security disclosures
Vulnerability reports and pre-filled security questionnaires.
[email protected]