This Data Processing Addendum ("DPA") explains how LEADSORBIT processes Customer Personal Data on behalf of customers when providing the LEADSORBIT platform. It defines controller/processor roles, security expectations, sub-processor use, and data handling terms.
Last Updated: January 2026
Legal Entity: LEADSORBIT LLC ("LEADSORBIT," "we," "us," "our")
This DPA applies when LEADSORBIT processes Customer Personal Data on behalf of a customer ("Customer") in connection with the Services.
This DPA is incorporated into the agreement between LEADSORBIT and the Customer and applies only to the extent LEADSORBIT processes Customer Personal Data as a processor/service provider.
LEADSORBIT will process Customer Personal Data only:
Customer is responsible for:
LEADSORBIT ensures that personnel authorized to process Customer Personal Data are subject to appropriate confidentiality obligations.
LEADSORBIT will implement reasonable administrative, technical, and organizational measures designed to protect Customer Personal Data against unauthorized access, loss, misuse, alteration, or disclosure.
No system can be guaranteed 100% secure. Customer is responsible for maintaining strong passwords and limiting access to authorized users.
Customer authorizes LEADSORBIT to engage sub-processors to provide the Services.
LEADSORBIT will ensure sub-processors are bound by contractual obligations designed to protect Customer Personal Data and limit use to providing services to LEADSORBIT.
LEADSORBIT maintains a list of sub-processors at: /sub-processors
Platform Infrastructure Partners (as applicable):
LEADSORBIT may use infrastructure/service partners such as LeadConnector LLC and/or HighLevel Inc. to support platform functionality. These partners may process limited data only to provide platform services under contract.
If Customer receives a request from a data subject (e.g., access, deletion, correction, export), Customer is responsible for responding.
LEADSORBIT will provide reasonable assistance to Customer (where legally required and technically feasible) to help Customer fulfill data subject requests, consistent with LEADSORBIT's role as a processor/service provider.
Cancellation / non-renewal: If Customer's subscription is canceled or not renewed, LEADSORBIT retains account data (including leads and automation-related data) for 90 days to allow reactivation. After 90 days, data may be permanently deleted and may not be recoverable.
Customer may request deletion earlier where technically feasible, subject to legal and operational requirements.
Customer acknowledges that LEADSORBIT may process Customer Personal Data in countries other than Customer's country of residence. Where required by law, the parties will rely on appropriate safeguards for transfers (such as standard contractual clauses or equivalent mechanisms).
If Customer requires compliance documentation, Customer may submit a written request to LEADSORBIT. LEADSORBIT may provide reasonable documentation or summaries of security and privacy controls appropriate to the nature of the Services.
If there is a conflict between this DPA and other terms in the Agreement, this DPA will control with respect to processing of Customer Personal Data.
For DPA questions:
Email: info@leadsorbit.ai
Mailing address available upon written request.
This DPA is designed for most SMB and agency use cases. If your enterprise procurement team requires a signed version or a specific format, contact info@leadsorbit.ai.
