Trust & compliance library

Everything procurement, legal, and security teams ask for — in one place. For anything not listed, email [email protected].

Privacy & data processing

Data Processing Addendum (DPA)

Standard processor obligations covering GDPR, UK GDPR, and CCPA. Pre-signed by Lepta — counter-sign and return.

Read

Sub-processors list

Live list of every third-party processor we share Customer Data with, plus the regions and purpose.

Read

How we handle personal information for visitors, accounts, and customers.

Read

Security

Security overview

Our SOC 2 controls, encryption, key management, retention, and incident-response practices.

Read

SOC 2 Type II report

Available under NDA. Email [email protected] and we'll send the latest report within 1 business day.

Request

Penetration test summary

Latest third-party pentest report, available under NDA.

Request

Contracts

Master Services Agreement (MSA)

Our standard MSA — used for Business and Enterprise customers. Editable redlines accepted on Enterprise.

Read

Self-serve terms governing Free, Starter, and Pro accounts.

Read

Need something specific?

HIPAA BAA, custom DPA terms, vendor-onboarding questionnaires (CAIQ, SIG Lite), regional data-residency commitments, and Enterprise redlines are all handled directly by our security team. Email [email protected] and we'll respond within 1 business day.