Data Processing Addendum

You are the data controller. lepta is the data processor and processes data only on documented instructions.

lepta maintains industry-standard administrative, technical, and physical safeguards including SOC 2 Type II controls.

A current list is published at /legal/sub-processors. New sub-processors are announced 30 days in advance.

Where applicable, Standard Contractual Clauses (SCCs) and the UK Addendum are incorporated by reference.

lepta assists with subject access, deletion, and portability requests within the timeframes required by law.

Customers on Enterprise plans may request annual SOC 2 reports and complete security questionnaires.

This DPA is automatically incorporated into the Terms of Service for all paid customers. To request a counter-signed copy, email legal@lepta.app.