Although cloud enterprise resource planning (ERP) systems are becoming popular, there are still firms that have yet to migrate to the cloud because of data confidentiality and data security concerns. Firms that plan to adopt cloud ERP systems are expected to first understand cloud ERP's data processing practices. This study proposes a case study method with a systematic content analysis of cloud ERP providers' data processing agreements. The study will explore the data disclosure, data security, data sub-processing, and data retention and deletion practices of cloud ERP providers. In addition, this study investigates the linguistic characteristics of cloud ERP providers' data processing agreements including readability, litigious language, and uncertainty language. The findings of this study can help organizations to have a better understanding of the data process practices of cloud ERP providers, as well as the shared responsibilities between cloud ERP providers and users in maintaining data security.