This is a good question to which the short answer is that because of the way MemberMouse operates, a Data Processing Agreement (DPA) between MemberMouse and our customers in the EU is not necessary under the terms of the GDPR.
It's possible to answer this more in-depth by clarifying the relationship between you (our customer), your members' data and MemberMouse. In actuality, all personal data for your members is stored in database tables on your host server and MemberMouse doesn't have a copy of it. No personal information about your customers is stored on our server. Additionally, when you (our customer) process payments, your members’ payment details are stored on your integrated payment processor's servers. The only thing that's stored with MemberMouse is the unique ID for the payment and the date it should be processed. For the Reporting Suite feature, MemberMouse does collect aggregated data (such as total number of members, total number of orders). However, this does not include personally identifiable member information.