Back to home

Data Processing Agreement (DPA)

This Data Processing Agreement forms part of the Terms and Conditions.

1. Roles of the Parties

The Client acts as the Data Controller. Leavely acts as the Data Processor under Article 28 GDPR.

2. Subject Matter

Leavely processes personal data strictly for the purpose of providing cancellation feedback analytics services.

3. Type of Data

  • Email address (if transmitted by Client)
  • Cancellation reasons
  • Optional user comments
  • Technical metadata (IP, logs)

4. Security Measures

Leavely implements appropriate technical and organizational measures to ensure data security, including encryption in transit, access control, and infrastructure security practices.

5. Sub-processors

Leavely may use sub-processors such as:

  • Stripe (payment processing)
  • Vercel (hosting)
  • Database providers (e.g., Neon)

6. Data Transfers

Where personal data is transferred outside the European Union, appropriate safeguards such as Standard Contractual Clauses are applied.

7. Data Breach Notification

In case of a personal data breach, Leavely shall notify the Client without undue delay after becoming aware of the breach.

8. Termination

Upon termination of the service, personal data shall be deleted unless retention is required by law.