LeadSeed Data Processing Agreement Last updated: 20th May, 2026 This Data Processing Agreement (“DPA”) forms part of the agreement between LeadSeed — Business Growth Platform and the customer using LeadSeed services. This DPA applies where LeadSeed processes personal data on behalf of a customer in connection with the LeadSeed platform, services, automations, CRM, communications, funnels, calendars, forms, websites, workflows, integrations, support or related services. LeadSeed is operated from: LeadSeed — Business Growth Platform BR2 0XG, Bromley, London, United Kingdom Phone: +44 7999 691620 Email: [email protected] Website: https://leadseed.club For data protection matters, contact: [email protected] ⸻ 1. Parties This DPA is between: LeadSeed, referred to as “LeadSeed”, “we”, “us”, “our” or “Processor”; and The customer using LeadSeed, referred to as “Customer”, “you”, “your” or “Controller”. Where you use LeadSeed on behalf of a company, business, organisation, partnership or other legal entity, you confirm that you have authority to bind that entity to this DPA. ⸻ 2. Relationship With Other Agreements This DPA forms part of and is incorporated into: * LeadSeed Terms of Use; * LeadSeed Privacy Policy; * any order form, subscription agreement, service agreement, onboarding agreement or written arrangement between LeadSeed and the Customer. If there is a conflict between this DPA and the Terms of Use regarding the processing of Customer Personal Data, this DPA will control only for that data protection conflict. All other commercial terms, including fees, liability limits, suspension rights, acceptable use rules and service restrictions, remain governed by the Terms of Use unless expressly stated otherwise. ⸻ 3. Definitions In this DPA: “Applicable Data Protection Laws” means all data protection and privacy laws that apply to the processing of Customer Personal Data, including where applicable the UK GDPR, Data Protection Act 2018, PECR, EU GDPR and any other applicable privacy or electronic communications laws. “Controller” has the meaning given under Applicable Data Protection Laws. In general, it means the party that decides why and how personal data is processed. “Processor” has the meaning given under Applicable Data Protection Laws. In general, it means the party that processes personal data on behalf of the Controller. “Customer Personal Data” means personal data processed by LeadSeed on behalf of the Customer through the LeadSeed services. “Data Subject” means an identified or identifiable individual whose personal data is processed. “End Customer” means the Customer’s own lead, prospect, client, contact, customer, patient, subscriber, user or other individual whose personal data is processed through LeadSeed. “Sub-processor” means any third party engaged by LeadSeed to process Customer Personal Data on behalf of the Customer. “Services” means the LeadSeed platform, software access, CRM, automations, messaging tools, forms, funnels, calendars, pipelines, websites, integrations, templates, support and related services. “HighLevel”, “GoHighLevel”, “GHL”, “LeadConnector” and related terms refer to third-party software, infrastructure, APIs, applications, communications tools and systems that may power parts of LeadSeed. “Restricted Transfer” means a transfer of personal data outside the United Kingdom, European Economic Area or another protected jurisdiction where transfer safeguards are required by Applicable Data Protection Laws. ⸻ 4. Scope of This DPA This DPA applies only where LeadSeed processes Customer Personal Data as a Processor on behalf of the Customer. This DPA does not apply where LeadSeed processes personal data as an independent Controller, including for: * LeadSeed account administration; * billing; * direct customer support; * sales communications; * platform security; * fraud prevention; * our own marketing; * legal compliance; * business records; * analytics relating to our own website or business. Those activities are covered by the LeadSeed Privacy Policy. ⸻ 5. Roles of the Parties For Customer Personal Data: 1. The Customer is the Controller. 2. LeadSeed is the Processor. 3. The Customer decides what personal data is collected, uploaded, stored, messaged, automated, segmented, deleted or otherwise processed. 4. LeadSeed processes Customer Personal Data only to provide the Services and according to the Customer’s documented instructions, unless required by law. The ICO states that processors must process personal data only on documented instructions from the controller, and that controller-processor contracts must contain compulsory provisions under UK GDPR Article 28. ⸻ 6. Customer Instructions The Customer instructs LeadSeed to process Customer Personal Data as necessary to: * provide and maintain the Services; * host and store data; * operate CRM records; * manage contacts, opportunities and pipelines; * process forms, surveys and bookings; * send or manage communications; * run workflows and automations; * provide technical support; * connect integrations; * manage account access and permissions; * troubleshoot issues; * secure the platform; * comply with the agreement; * perform any other processing reasonably necessary to provide LeadSeed. The Customer may provide additional documented instructions through: * platform configuration; * account settings; * workflows; * integrations; * support requests; * written instructions; * service agreements; * order forms; * onboarding forms. LeadSeed is not required to follow instructions that, in its reasonable opinion, would breach law, third-party rules, platform security, telecom rules, anti-spam laws, data protection laws or the LeadSeed Terms of Use. If LeadSeed believes an instruction may breach Applicable Data Protection Laws, LeadSeed will notify the Customer where legally permitted. ⸻ 7. Details of Processing 7.1 Subject Matter Processing of Customer Personal Data through LeadSeed for CRM, lead management, communication, automation, booking, marketing, customer follow-up, sales pipeline management, reporting, support and related business growth activities. 7.2 Duration For the duration of the Customer’s use of LeadSeed and for any additional period required for backups, legal obligations, dispute resolution, security, audit, accounting, fraud prevention, compliance or data return/deletion processes. 7.3 Nature and Purpose LeadSeed processes Customer Personal Data to provide platform services, including: * collecting data through forms, surveys, funnels and websites; * storing and organising CRM contacts; * managing calendars and appointments; * sending, receiving or tracking communications; * running workflows and automations; * tracking pipeline stages and opportunities; * integrating with third-party tools; * providing reports and dashboards; * providing customer support; * maintaining security and service reliability. 7.4 Categories of Data Subjects Customer Personal Data may relate to: * leads; * prospects; * customers; * clients; * patients; * subscribers; * website visitors; * appointment bookers; * event attendees; * employees or contractors of the Customer; * representatives of the Customer; * suppliers or partners; * other individuals whose data the Customer chooses to process through LeadSeed. 7.5 Categories of Personal Data Customer Personal Data may include: * name; * email address; * phone number; * address; * business name; * job title; * enquiry information; * appointment details; * messages; * form submissions; * survey responses; * tags; * notes; * pipeline status; * communication history; * purchase or booking information; * consent and opt-out records; * IP address; * device or technical data; * files uploaded by the Customer; * other information entered, uploaded or collected by the Customer. 7.6 Special Category Data LeadSeed is not designed for unnecessary processing of special category data or highly sensitive data. The Customer must not process special category data through LeadSeed unless the Customer has: * a valid lawful basis; * a valid Article 9 condition where required; * provided appropriate notices; * obtained explicit consent where required; * implemented appropriate safeguards; * confirmed that the Services are suitable for the intended use. Special category data may include health data, biometric data, religious beliefs, political opinions, racial or ethnic origin, trade union membership, sex life or sexual orientation data. ICO guidance explains that special category data requires both a lawful basis and a separate condition for processing. ⸻ 8. Customer Obligations The Customer is responsible for: 1. complying with Applicable Data Protection Laws; 2. having a lawful basis for collecting and processing Customer Personal Data; 3. providing clear privacy notices to End Customers; 4. obtaining valid consent where required, including for marketing communications; 5. keeping records of consent where required; 6. ensuring Customer Personal Data is accurate, relevant and lawful; 7. not uploading data the Customer has no right to process; 8. handling Data Subject requests where the Customer is Controller; 9. managing unsubscribe, STOP and opt-out requests; 10. configuring automations lawfully; 11. ensuring messages, campaigns and follow-ups comply with law; 12. ensuring staff and contractors use LeadSeed lawfully; 13. determining retention periods for Customer Personal Data; 14. determining whether DPIAs or other compliance checks are required; 15. ensuring the Customer’s own use of LeadSeed is suitable for its industry and legal obligations. LeadSeed does not decide the lawful basis, message recipients, campaign content, retention periods, consent status, advertising claims, customer journey or legal suitability of the Customer’s use of the Services. ⸻ 9. LeadSeed Obligations LeadSeed will: 1. process Customer Personal Data only on documented instructions from the Customer, unless required by law; 2. ensure persons authorised to process Customer Personal Data are subject to confidentiality obligations; 3. implement appropriate technical and organisational measures; 4. assist the Customer with Data Subject rights where reasonably possible; 5. assist the Customer with security, breach notification, DPIAs and prior consultation obligations where required and reasonably possible; 6. use approved Sub-processors as described in this DPA; 7. delete or return Customer Personal Data at the end of services, subject to legal, technical and backup limitations; 8. make available information reasonably necessary to demonstrate compliance with this DPA; 9. notify the Customer if an instruction appears to infringe Applicable Data Protection Laws, where legally permitted. These obligations reflect the core Article 28 requirements described by the ICO for controller-processor contracts. ⸻ 10. Confidentiality LeadSeed will ensure that persons authorised to process Customer Personal Data are subject to a duty of confidentiality, whether by contract, employment obligation, professional obligation or law. LeadSeed will limit access to Customer Personal Data to personnel, contractors and Sub-processors who need access to provide, maintain, support, secure or improve the Services. ⸻ 11. Security Measures LeadSeed will implement appropriate technical and organisational measures designed to protect Customer Personal Data against unauthorised or unlawful processing, accidental loss, destruction, damage, disclosure or access. Measures may include, where appropriate: * access controls; * password protection; * account permissions; * role-based access; * authentication mechanisms; * secure hosting providers; * encryption where supported by underlying providers; * backups; * system monitoring; * logging; * vendor due diligence; * confidentiality obligations; * internal access restrictions; * incident response processes; * platform security settings; * data segregation where technically supported; * reasonable administrative safeguards. The Customer acknowledges that no system is completely secure and that the security of Customer Personal Data also depends on the Customer’s own configuration, user access, passwords, devices, integrations, staff and lawful use. ⸻ 12. Customer Security Responsibilities The Customer is responsible for: * using strong passwords; * keeping login credentials confidential; * controlling user access; * removing former staff or contractors; * configuring permissions properly; * securing connected email, SMS, WhatsApp, payment, calendar, domain and integration accounts; * reviewing workflow settings; * preventing unauthorised exports; * monitoring account activity; * reporting suspected security incidents promptly. LeadSeed is not responsible for security incidents caused by the Customer’s weak passwords, shared logins, compromised devices, unauthorised users, misconfigured automations, insecure integrations or failure to manage account access. ⸻ 13. Sub-processors The Customer gives LeadSeed general written authorisation to engage Sub-processors to process Customer Personal Data where necessary to provide the Services. Sub-processors may include providers for: * platform infrastructure; * HighLevel, GoHighLevel, LeadConnector and related services; * hosting; * CRM infrastructure; * SMS and telecom services; * email delivery; * WhatsApp-related services; * payment processing; * analytics; * error monitoring; * support tools; * AI services where enabled; * automation tools; * domain, funnel, website or form services; * security and operational tools. Where LeadSeed appoints a Sub-processor, LeadSeed will use reasonable efforts to ensure that the Sub-processor is bound by data protection obligations that provide an appropriate level of protection for Customer Personal Data. The ICO explains that when a processor uses another processor, there must be a written contract with equivalent protection for personal data. ⸻ 14. Current Key Sub-processors The Customer acknowledges that LeadSeed may rely on the following key Sub-processors or third-party providers, depending on the features used: Provider / Category Purpose HighLevel / GoHighLevel / LeadConnector Underlying CRM, platform, automations, communications, forms, funnels, websites, workflows, calendars, infrastructure and related services Hosting and infrastructure providers Hosting, storage, security, backups and platform operations Telecom / SMS providers SMS, phone numbers, calls, message routing and telecom services Email providers Email sending, deliverability and message processing WhatsApp-related providers WhatsApp-related communications where enabled Payment processors Billing, subscriptions, invoices and payments Analytics and monitoring providers Usage analytics, error logging, performance and security monitoring Support tools Customer service, ticketing, chat, troubleshooting and onboarding AI providers, where enabled AI-assisted content, summaries, suggestions, chatbots or automation support HighLevel publishes its own Data Processing Agreement and states that it uses transfer mechanisms such as adequacy decisions and Standard Contractual Clauses for restricted transfers. HighLevel also states in its GDPR guidance that its DPA uses Standard Contractual Clauses to support lawful transfers of personal data to the USA. ⸻ 15. Changes to Sub-processors LeadSeed may add, replace or remove Sub-processors from time to time. Where legally required and reasonably practical, LeadSeed will provide notice of material changes to Sub-processors through one or more of the following: * website update; * platform notice; * email notice; * updated DPA; * updated Privacy Policy; * updated sub-processor list. If the Customer reasonably objects to a new Sub-processor on data protection grounds, the Customer must notify LeadSeed in writing within 10 days of receiving notice. LeadSeed may then, at its discretion: 1. provide further information; 2. use reasonable efforts to offer an alternative; 3. restrict the affected feature; 4. allow the Customer to terminate the affected service; 5. determine that the objection cannot be accommodated. If the objection cannot be accommodated, the Customer’s remedy is to stop using the affected feature or terminate the relevant service. ⸻ 16. International Transfers Customer Personal Data may be processed outside the United Kingdom, including in the United States or other countries where LeadSeed, HighLevel, LeadConnector or other Sub-processors operate. Where Restricted Transfers occur, LeadSeed will use reasonable efforts to rely on appropriate transfer safeguards where required, such as: * adequacy decisions; * UK International Data Transfer Agreement; * UK Addendum to EU Standard Contractual Clauses; * EU Standard Contractual Clauses; * provider transfer terms; * other lawful transfer mechanisms under Applicable Data Protection Laws. The Customer authorises LeadSeed and its Sub-processors to make international transfers as necessary to provide the Services, subject to appropriate safeguards where required. ⸻ 17. Data Subject Requests Where LeadSeed receives a request from a Data Subject relating to Customer Personal Data, LeadSeed may: 1. direct the Data Subject to contact the Customer; 2. notify the Customer where appropriate; 3. assist the Customer where reasonably possible; 4. respond directly only where required by law or authorised by the Customer. The Customer is primarily responsible for responding to Data Subject requests where the Customer is the Controller. LeadSeed will provide reasonable assistance, taking into account the nature of the processing and the information available to LeadSeed. Reasonable assistance may include helping with: * access requests; * deletion requests; * correction requests; * restriction requests; * portability requests; * objection requests; * unsubscribe or opt-out requests, where technically supported. LeadSeed may charge reasonable fees for assistance that is excessive, complex, repetitive, manual, outside standard support or caused by the Customer’s misuse of the Services. ⸻ 18. Personal Data Breaches LeadSeed will notify the Customer without undue delay after becoming aware of a personal data breach affecting Customer Personal Data. The notice may include, where available: * nature of the breach; * categories of data affected; * approximate number of Data Subjects affected; * likely consequences; * measures taken or proposed; * contact point for follow-up. LeadSeed may provide this information in phases if full details are not immediately available. The Customer is responsible for determining whether the breach must be reported to the ICO, another supervisory authority or affected Data Subjects. LeadSeed will provide reasonable assistance to the Customer, taking into account the nature of the processing and the information available to LeadSeed. ⸻ 19. DPIAs and Prior Consultation Where required by Applicable Data Protection Laws, LeadSeed will provide reasonable assistance to the Customer with Data Protection Impact Assessments and prior consultation with supervisory authorities, taking into account: * the nature of the processing; * the information available to LeadSeed; * the Customer’s configuration; * the Customer’s intended use; * technical feasibility; * commercial reasonableness. The Customer remains responsible for determining whether a DPIA is required for its use of LeadSeed. ⸻ 20. Audits and Compliance Information LeadSeed will make available information reasonably necessary to demonstrate compliance with this DPA. This may include: * copies of relevant policies; * security summaries; * provider documentation; * sub-processor information; * data protection terms; * audit summaries where available; * written responses to reasonable security or privacy questionnaires. Any audit or inspection must be: 1. legally required; 2. reasonably necessary; 3. limited in scope; 4. subject to confidentiality; 5. conducted with reasonable notice; 6. during normal business hours; 7. not disruptive to LeadSeed’s business or other customers; 8. not compromise security, trade secrets, systems, provider contracts or other customers’ data. LeadSeed may refuse, limit or charge for audits that are excessive, repetitive, speculative, unsafe, commercially unreasonable or not required by law. Where third-party providers such as HighLevel/LeadConnector operate the underlying infrastructure, audit access may be limited to information those providers make available. ⸻ 21. Return or Deletion of Customer Personal Data At the end of the Services, LeadSeed will, at the Customer’s choice and where technically possible, delete or return Customer Personal Data, unless retention is required by law or permitted under this DPA. The Customer must request export or deletion before account closure where possible. Deletion may not be immediate from: * backups; * logs; * archives; * billing records; * legal records; * security records; * fraud prevention records; * third-party provider systems; * telecom records; * email delivery records; * systems controlled by the Customer; * systems controlled by third-party integrations. Backup copies may be deleted according to normal backup cycles. LeadSeed may retain limited data where necessary for legal compliance, dispute resolution, accounting, tax, security, fraud prevention, enforcement of terms or legitimate business records. Article 28 requires end-of-contract provisions for deletion or return of personal data, unless law requires storage. The ICO highlights this as a required processor contract term. ⸻ 22. Messaging, Consent and PECR The Customer is solely responsible for ensuring that any email, SMS, WhatsApp-related message, call, voicemail, social message or other communication sent through LeadSeed complies with applicable laws, including UK GDPR and PECR. The Customer must ensure: * proper consent where required; * lawful basis for processing; * valid opt-out mechanism; * accurate sender identity; * suppression lists are honoured; * marketing rules are followed; * message content is lawful and not misleading; * recipients are contacted lawfully. LeadSeed does not verify every contact’s consent status, every message, every workflow or every campaign before sending. LeadSeed may suspend or restrict messaging where it believes the Customer’s use creates legal, compliance, deliverability, carrier, platform or reputational risk. ⸻ 23. Automated Processing and AI Where the Customer enables automations, workflows, AI features, chatbots, suggested replies, summaries, prompts or other automated tools, the Customer remains responsible for ensuring that the processing is lawful, fair, transparent and appropriate. The Customer must review AI-generated or automated outputs before relying on them where appropriate. LeadSeed does not guarantee that AI outputs, automated messages, workflow logic or generated content will be accurate, lawful, compliant or suitable for the Customer’s business. Unless expressly agreed otherwise, LeadSeed does not intentionally use Customer Personal Data to train public AI models. ⸻ 24. Special Instructions for Regulated or Sensitive Industries If the Customer operates in a regulated or sensitive industry, including healthcare, finance, legal services, immigration, insurance, debt collection, education, childcare, employment, housing or other regulated areas, the Customer is responsible for ensuring that LeadSeed is appropriate for its intended use. The Customer must not use LeadSeed in a way that requires security, compliance, regulatory or contractual standards that LeadSeed has not expressly agreed to in writing. This includes, where applicable, requirements relating to medical confidentiality, financial regulations, legal privilege, safeguarding, professional secrecy, industry-specific retention, regulatory audit trails or regulated advice. ⸻ 25. No Sale of Customer Personal Data LeadSeed does not sell Customer Personal Data. LeadSeed processes Customer Personal Data to provide the Services, operate the platform, support the Customer, maintain security, comply with law and perform the agreement. LeadSeed may use aggregated or anonymised data that does not identify the Customer, End Customers or individuals for analytics, service improvement, benchmarking, security, product development or business reporting. ⸻ 26. Government and Legal Requests If LeadSeed receives a legal request, court order, regulator request or law enforcement request relating to Customer Personal Data, LeadSeed will, where legally permitted and reasonably practical: 1. notify the Customer; 2. provide the minimum data legally required; 3. challenge or narrow requests where appropriate and commercially reasonable. LeadSeed may disclose Customer Personal Data without prior notice where legally required or where notice is prohibited. ⸻ 27. Liability The liability of each party under this DPA is subject to the limitations and exclusions in the LeadSeed Terms of Use or other applicable written agreement between the parties. Nothing in this DPA limits liability where such limitation is prohibited by law. The Customer is responsible for claims, fines, complaints, losses or liabilities arising from: * unlawful collection of data; * lack of consent; * unlawful marketing; * inaccurate privacy notices; * improper use of LeadSeed; * unlawful automations; * uploaded data the Customer had no right to process; * breach of PECR, UK GDPR or other applicable laws by the Customer; * instructions that cause unlawful processing. ⸻ 28. Indemnity The Customer agrees to indemnify and hold LeadSeed harmless from claims, fines, penalties, losses, damages, costs, expenses and legal fees arising from: 1. the Customer’s breach of this DPA; 2. the Customer’s breach of Applicable Data Protection Laws; 3. unlawful marketing or messaging by the Customer; 4. failure to obtain valid consent; 5. failure to provide privacy notices; 6. unlawful processing instructions; 7. Customer Personal Data uploaded unlawfully; 8. claims from End Customers caused by the Customer’s use of LeadSeed; 9. regulatory action caused by the Customer’s conduct. ⸻ 29. Term This DPA begins when the Customer accepts the Terms of Use, creates a LeadSeed account, signs an agreement, receives access to the Services or otherwise uses LeadSeed. This DPA remains in effect for as long as LeadSeed processes Customer Personal Data on behalf of the Customer. Sections relating to confidentiality, security, deletion, liability, international transfers, audit records and legal compliance survive termination where necessary. ⸻ 30. Changes to This DPA LeadSeed may update this DPA from time to time to reflect: * legal changes; * regulatory guidance; * platform changes; * HighLevel/LeadConnector changes; * new Sub-processors; * new features; * security improvements; * operational changes; * international transfer requirements; * changes to the LeadSeed business model. Where changes are material, LeadSeed will take reasonable steps to notify Customers. Continued use of LeadSeed after the updated DPA becomes effective means the Customer accepts the updated DPA. If the Customer does not agree, the Customer must stop using the Services and request account closure or data export where available. ⸻ 31. Governing Law This DPA is governed by the laws of England and Wales. The courts of England and Wales will have exclusive jurisdiction over disputes arising from or relating to this DPA, except where applicable law requires otherwise. ⸻ Annex 1 — Processing Details A. Controller The Customer using LeadSeed. B. Processor LeadSeed — Business Growth Platform BR2 0XG, Bromley, London, United Kingdom [email protected] C. Subject Matter Processing of Customer Personal Data through LeadSeed for CRM, lead management, automations, communications, forms, funnels, calendars, pipelines, websites, support and related business growth activities. D. Duration For the duration of the Customer’s use of LeadSeed and any additional retention period required for backups, legal obligations, security, accounting, dispute resolution or deletion/export processes. E. Nature of Processing Collection, recording, organisation, structuring, storage, retrieval, consultation, use, transmission, disclosure, alignment, combination, restriction, deletion, export and other processing necessary to provide LeadSeed. F. Purpose of Processing To provide the LeadSeed platform and related services to the Customer. G. Categories of Data Subjects * End Customers; * leads; * prospects; * customers; * clients; * patients; * subscribers; * appointment bookers; * website visitors; * Customer staff; * Customer contractors; * suppliers; * other individuals whose data is processed by the Customer through LeadSeed. H. Categories of Personal Data * names; * phone numbers; * email addresses; * postal addresses; * business details; * job titles; * form submissions; * survey answers; * enquiry details; * appointment information; * communication history; * message content; * tags; * notes; * pipeline data; * booking data; * consent and opt-out records; * IP addresses; * device and technical data; * uploaded files; * other data submitted by the Customer. I. Special Category Data Not intentionally required by LeadSeed. The Customer must not process special category data unless legally permitted and properly safeguarded. ⸻ Annex 2 — Technical and Organisational Measures LeadSeed may use the following measures, where appropriate and technically supported: Access Control * user accounts; * password protection; * role-based permissions; * restricted administrative access; * removal of access where no longer needed. Confidentiality * confidentiality obligations for authorised personnel; * limited access to Customer Personal Data; * use of trusted contractors and providers. Security * secure third-party infrastructure; * platform-level security controls; * encryption where supported by providers; * backups where available; * logging and monitoring; * abuse prevention; * incident response procedures. Availability and Resilience * use of established platform and infrastructure providers; * backups where supported; * monitoring of service availability; * reliance on third-party provider resilience measures. Data Minimisation * Customer controls what data is uploaded; * LeadSeed processes data needed to provide the Services; * unnecessary sensitive data is discouraged. Sub-processor Management * use of service providers necessary for platform delivery; * contractual protection where appropriate; * reliance on provider DPAs and security documentation where applicable. Incident Response * investigation of suspected incidents; * customer notification where required; * mitigation steps where reasonably possible. ⸻ Annex 3 — Sub-processor Categories LeadSeed may use Sub-processors in the following categories: Category Processing Activity HighLevel / GoHighLevel / LeadConnector Core platform, CRM, workflows, automations, calendars, funnels, websites, messaging, infrastructure Hosting providers Hosting, storage, backups, infrastructure Telecom providers SMS, calls, phone numbers, routing Email providers Email sending, delivery, tracking WhatsApp-related providers WhatsApp-related messaging where enabled Payment processors Billing, payments, invoices Support tools Customer support and troubleshooting Analytics tools Usage analytics and product improvement Security tools Monitoring, fraud prevention, protection AI providers, if enabled AI-assisted content, summaries, responses or automation support Integration providers Webhooks, APIs, connected apps and automation services ⸻ Annex 4 — Customer Documented Instructions The Customer instructs LeadSeed to process Customer Personal Data to: 1. provide the LeadSeed platform; 2. operate CRM and contact records; 3. collect data through forms, funnels, surveys and websites; 4. manage bookings, calendars and appointments; 5. send and receive communications; 6. run automations and workflows; 7. manage pipelines and opportunities; 8. provide dashboards and reporting; 9. provide support and troubleshooting; 10. connect third-party integrations; 11. maintain security and platform operations; 12. perform any other processing configured or requested by the Customer through the Services.
Legal
Data Processing Agreement
This DPA explains how LeadSeed processes Customer Personal Data on behalf of customers using the LeadSeed platform and services.