Data Processing Addendum (DPA)

Last updated: November 24, 2025

1. Introduction

This Data Processing Addendum ("DPA") outlines the relationship between Levqor ("Processor") and our customers ("Controller") regarding the processing of personal data under the General Data Protection Regulation (GDPR) and other applicable data protection laws.

When you use Levqor services, you act as the data controller for any personal data you upload or manage through our platform. Levqor acts as your data processor, processing this data solely on your behalf and in accordance with your instructions.

2. Data Processing Scope

2.1 Types of Personal Data

Levqor may process the following categories of personal data on your behalf:

  • Account Data: Email addresses, names, company information
  • Usage Data: Workflow configurations, automation settings, system logs
  • Billing Data: Payment information (processed by Stripe, our payment processor)
  • Support Data: Communications, support tickets, feedback submissions
  • Technical Data: IP addresses, browser information, device identifiers

2.2 Data Subjects

Data subjects may include your employees, contractors, customers, and any other individuals whose personal data you choose to process using Levqor services.

2.3 Processing Activities

Levqor processes personal data to provide automation services, maintain platform security, provide customer support, and improve our services as described in our Privacy Policy.

3. Sub-Processors

Levqor engages the following third-party sub-processors to assist in providing our services:

Stripe, Inc.

Payment processing and billing

Location: United States (GDPR-compliant with SCCs)

Replit, Inc.

Infrastructure hosting and database services

Location: United States (GDPR-compliant)

Vercel, Inc.

Frontend application hosting and CDN

Location: United States (GDPR-compliant)

Cloudflare, Inc.

DNS management and DDoS protection

Location: Global (GDPR-compliant)

Note: We will notify you of any changes to our sub-processors in accordance with applicable laws.

4. Data Protection & Security

Levqor implements appropriate technical and organizational measures to protect personal data, including:

  • Encryption of data in transit (TLS 1.3) and at rest (AES-256)
  • Access controls and authentication mechanisms
  • Regular security audits and vulnerability assessments
  • Incident response and breach notification procedures
  • Employee training on data protection and security best practices

For detailed information about our security measures, please see our Security page.

5. International Data Transfers

Personal data may be transferred to and processed in countries outside the European Economic Area (EEA). When we transfer data internationally, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements with sub-processors ensuring GDPR compliance
  • Transfer Impact Assessments where required

See our Privacy Policy and GDPR page for more details.

6. Data Subject Requests

As a data controller, you are responsible for responding to data subject requests. Levqor will assist you by:

  • Providing tools to export, modify, or delete personal data
  • Processing data export and deletion requests submitted via our API
  • Assisting with impact assessments when required

End users can submit requests through our Data Rights page. We commit to responding to verified requests within 30 days.

7. Data Retention & Deletion

Upon termination of your Levqor subscription:

  • Your data will be retained for 30 days to allow for account recovery
  • After 30 days, all personal data will be permanently deleted from our systems
  • Backup data will be deleted in accordance with our retention schedule (maximum 90 days)
  • You may request immediate deletion at any time by contacting support

8. Breach Notification

In the event of a personal data breach, Levqor will:

  • Notify you without undue delay (within 72 hours where feasible)
  • Provide details of the nature of the breach and affected data
  • Describe measures taken to mitigate the breach
  • Assist you in meeting your notification obligations to supervisory authorities and data subjects

9. Audits & Compliance

Upon reasonable notice, Levqor will make available to you information necessary to demonstrate compliance with this DPA and applicable data protection laws. We maintain:

  • SOC 2 Type II compliance (in progress)
  • GDPR-compliant data processing practices
  • Regular third-party security assessments
  • Documentation of technical and organizational measures

⚖️ Legal Disclaimer

This DPA summary is provided for informational purposes. For binding legal commitments, please refer to your signed service agreement and our Terms of Service. Enterprise customers may request a custom DPA through our support team.

10. Contact & Questions

For questions about this DPA or data processing practices, please contact:

Email: privacy@levqor.ai

Data Protection Officer: dpo@levqor.ai

Support: Contact page

Related Legal Documents

Privacy Policy

How we collect and use your data

Terms of Service

Legal agreement for using Levqor

GDPR Compliance

Our commitment to GDPR standards

Security

How we protect your data