Data Processing Addendum

This Data Processing Addendum ("DPA") describes how LeenOps processes customer personal data when providing the Service.

This public DPA is intended for vendor review and transparency. Enterprise customers may request a signed DPA or a negotiated data processing agreement.

1. Roles

For customer workspace content and customer personal data processed through the Service:

For website analytics, sales, support, billing, and account administration, LeenOps may act as controller.

2. Subject matter

LeenOps processes customer personal data to provide AI agent operations software, including agent configuration, workflow execution, reporting, approvals, integrations, support, monitoring, and security.

3. Duration

Processing continues for the term of the customer's use of the Service and for any additional period needed for deletion, backup expiry, legal obligations, dispute resolution, security, and audit.

4. Categories of data

Customer personal data may include:

• User names, email addresses, roles, and account identifiers.
• Workspace settings, agent configuration, prompts, instructions, and files.
• Knowledge-base materials and retrieved context.
• Run logs, reports, approvals, comments, and operational history.
• Integration metadata and third-party system references.
• Support messages and diagnostic information.

5. Categories of data subjects

Data subjects may include customer users, employees, contractors, prospects, support contacts, end users, and individuals whose information is included in customer-provided materials.

6. Processor obligations

LeenOps will:

• Process customer personal data only to provide, secure, support, and improve the Service, or as instructed by the customer.
• Maintain appropriate technical and organizational measures.
• Limit access to personnel and providers with a business need.
• Assist customers with data-subject requests where required and reasonably possible.
• Notify customers of personal-data incidents as required by applicable law.
• Use subprocessors according to this DPA.

7. Customer obligations

Customers are responsible for:

• Providing lawful processing instructions.
• Obtaining required notices, consents, and rights.
• Configuring appropriate workspace access controls.
• Reviewing AI workflows before submitting regulated or sensitive data.
• Responding to data-subject requests where the customer is controller.

8. Subprocessors

LeenOps may use subprocessors to provide hosting, database, authentication, AI model, analytics, support, security, payment, and communication services.

The current public list is available in the Subprocessor List.

9. International transfers

Where personal data is transferred internationally, LeenOps will use legally recognized safeguards where required, such as standard contractual clauses, data processing agreements, adequacy decisions, or equivalent mechanisms.

10. Deletion and return

On termination, customers may request deletion or export of customer personal data, subject to product capabilities, backup cycles, legal obligations, and legitimate security or audit needs.

11. Security measures

LeenOps maintains measures described in the Security Policy, including HTTPS, access controls, environment separation, secret-handling practices, logging, and operational review.

12. Contact

Vendor review and DPA questions can be sent to hello@leenops.com.

Policy changelog