Do you need a Data Processing Agreement with Metabase to comply with GDPR?
If you self-host your Metabase instance, we have no access to any of your data, UNLESS you opted in to give us anonymized usage stats. Even in that case, Metabase doesn’t gather any personally-identifiable data. As such, if you’re self-hosting, we are not a data processor for the purposes of GDPR.
If you’re a Metabase Cloud customer, your Terms of Service include a Data Processing Agreement (DPA).