Skip to content
Invite-only right now.Join waitlist

Legal

Data Processing Agreement

Effective date: April 27, 2026  ·  Leadspresso LLC  ·  Miami, Florida

Leadspresso processes personal data about your end customers (leads, callers, form submitters) on your behalf when you use our call tracking, landing page, and lead attribution features. This relationship is governed by a Data Processing Agreement (DPA) that sits alongside our Terms of Service and Privacy Policy.

What the DPA covers

  • GDPR Article 28 terms — confidentiality, sub-processor authorization, data subject rights assistance, breach notification, audit rights, and end-of-contract data return or deletion.
  • CCPA / CPRA Service Provider terms — restrictions on retention, use, and disclosure; prohibition on selling or sharing personal information for cross-context behavioral advertising; cooperation with consumer rights requests.
  • International transfer safeguards — Standard Contractual Clauses (SCCs) issued by the European Commission for transfers from the EEA, the UK International Data Transfer Addendum for transfers from the UK, and reliance on the EU-US Data Privacy Framework where applicable. Module 2 (Controller to Processor) governs Client-to-Leadspresso transfers; Module 3 (Processor to Sub-processor) governs Leadspresso-to-Sub-processor transfers.
  • Documented instructions & lawful basis — Leadspresso processes Lead Data only on documented instructions from you as the Controller. Your acceptance of the Terms of Service, together with any supplemental written instructions you provide, constitutes the documentation of those instructions for the purposes of GDPR Article 28(3)(a). You (as Controller) are solely responsible for identifying and maintaining a valid lawful basis for processing Lead Data under applicable law (e.g., GDPR Article 6 and, where applicable, Article 9). Leadspresso will promptly inform you if, in its reasonable opinion, an instruction infringes applicable data protection law.
  • Data Protection Impact Assessment (DPIA) — Clients processing Lead Data at scale, or involving special categories of data (health, financial, or other sensitive disclosures), should conduct a DPIA before deploying Leadspresso's call tracking or recording features. Leadspresso will provide reasonable cooperation in any such assessment upon request.
  • Sub-processor list — incorporates the current list of sub-processors maintained at /subprocessors, with at least 30 days' advance notice of additions and a right to object.
  • Security measures — the technical and organizational measures described in our Privacy Policy and supplemented in the executed DPA.
  • Breach notification — in the event of a confirmed breach affecting Lead Data, we will notify you as the affected Client without undue delay and in any event within forty-eight (48) hours of confirming the incident, providing sufficient detail (nature of the breach, categories and approximate volume of data affected, measures taken or planned) for you to meet your own notification obligations under GDPR Articles 33–34 and applicable U.S. state breach notification statutes.

Domestic clients — acknowledgment at signup

For Clients whose operations and end customers are located exclusively within the United States, the processor/controller relationship described on this page is acknowledged and accepted as part of your acceptance of our Terms of Service at signup. A separately executed DPA is not required for domestic-only engagements but remains available on request at no charge. If your operations expand to include EEA, UK, or Swiss data subjects, a signed DPA with Standard Contractual Clauses is required before processing data from those jurisdictions.

Who needs a signed DPA

You should sign a DPA with us if any of the following apply:

  • Your end customers include residents of the European Economic Area, the United Kingdom, or Switzerland.
  • You are a covered business under the California Consumer Privacy Act / California Privacy Rights Act, or any other US state privacy law (Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Florida).
  • Your own customers, vendors, or auditors require it as a condition of doing business with you.

Even if none of the above apply, we are happy to execute a DPA on request. We do not charge for it.

How to request and execute

Email support@leadspresso.com with the subject line DPA Requestand include your business name, the entity name to be listed as the Controller, and the signatory's name and email. We will return a countersigned PDF within five (5) business days.

The executed DPA is incorporated by reference into your Terms of Service and supersedes any conflicting privacy terms in those Terms with respect to processing of end-customer personal data.

HIPAA

The DPA is not a HIPAA Business Associate Agreement. Leadspresso does not enter into BAAs and the platform is not designed to receive Protected Health Information. If you are a HIPAA Covered Entity or Business Associate, see our Terms of Service for the corresponding restrictions on your use of the platform.

Contact

Leadspresso LLC
Principal place of business: Miami, Florida
Registered agent: c/o Northwest Registered Agent
7901 4th St N, Suite 300
St. Petersburg, FL 33702, United States
support@leadspresso.com