Data Processing Addendum (DPA)

Last updated: 22 February 2026

1. Parties and roles

This DPA forms part of the service agreement between LeadClaw AI (Processor) and the customer (Controller), where Processor handles personal data on Controller's behalf.

2. Subject matter and duration

Processing is limited to providing contracted lead-capture and automation services for the duration of the service agreement.

3. Nature and purpose of processing

• Collection and routing of inbound lead/contact data
• Workflow automation and support operations
• Service analytics, diagnostics, and system security

4. Categories of data subjects and data

• Prospects, customers, and business contacts of Controller
• Typical data: name, phone, email, service intent, notes, timestamps

5. Processor obligations

• Process data only on documented instructions from Controller
• Maintain confidentiality and access controls
• Implement appropriate technical and organisational security measures
• Assist Controller with data subject rights requests where reasonably required
• Notify Controller of personal data breaches without undue delay

6. Sub-processors

Controller authorises use of sub-processors required for service delivery (e.g., hosting, database, payments, communications providers), subject to contractual data protection obligations.

7. International transfers

Where transfers outside the UK occur, Processor will apply suitable safeguards (e.g., UK addendum/IDTA or equivalent lawful transfer mechanism).

8. Audits and information

Processor will provide reasonable information necessary to demonstrate compliance, subject to confidentiality, security, and proportionality limits.

9. Return/deletion

Upon termination, Processor will delete or return personal data as instructed, unless retention is required by law.

10. Liability

Liability under this DPA is subject to the limitations in the main service terms, where legally permitted.

11. Contact

DPA contact: support@leadclaw.ai