Roles
Customer is the controller or business. Leapable is the processor or service provider for personal data processed on Customer's behalf.
Counsel review required
Data Processing Agreement Template
This template is provided for customer legal review where Leapable acts as a processor for customer personal data in workspace, account, billing, support, OCR, and Share Mode workflows.
Counsel review required before signature. This page is a template, not legal advice,
and the issue acceptance remains blocked until legal counsel records review.
Processing terms for customer review
GDPR Article 28
The template states subject matter, duration, nature, purpose, data categories, data-subject categories, assistance, security, subprocessors, deletion, and audit support. Official reference: Regulation (EU) 2016/679.
Processing details
| Field | Template value |
|---|---|
| Subject matter | Provision of Leapable local-first AI workspace, OCR, account, and support services. |
| Duration | The subscription term plus deletion or return period required by the agreement. |
| Nature and purpose | Indexing, retrieval, citation, provenance, billing, account management, support, security, optional Share Mode, and transient OCR processing. |
| Personal data categories | Account identity, billing metadata, support communications, usage logs, and customer-provided content only when explicitly processed through OCR or Share Mode. |
| Data-subject categories | Customer users, customer personnel, support contacts, and individuals appearing in customer-provided files. |
Processor obligations
Instructions and confidentiality
- Process personal data only on documented customer instructions.
- Ensure personnel with access are bound by confidentiality obligations.
Security and assistance
- Maintain appropriate technical and organizational measures.
- Assist with data-subject requests, DPIAs, and breach-response duties.
Subprocessors
Current subprocessors are listed at /legal/#subprocessors. Material additions receive notice before becoming active for paying customers.
Subprocessor terms
Subprocessors must be bound by written obligations at least as protective as this DPA for the processing they perform. Leapable remains responsible for approved subprocessor performance under the final signed terms.
Transfers
Cross-border transfers require documented customer instructions and an applicable transfer mechanism. Counsel must complete any required SCC, UK IDTA, or addendum before signature.
Audit and information
Leapable will make information reasonably necessary to demonstrate DPA compliance available to Customer and support written-scope audits or reviews under appropriate confidentiality and security controls.
Deletion and return
On termination or written request, Leapable will delete or return personal data it controls unless legal retention duties require otherwise. Local vault deletion remains customer-controlled on customer machines.
Subprocessor list
The canonical subprocessor register is maintained on the Legal page so customers can review Stripe, Cloudflare, RunPod, Resend, AWS, Google, Apple, and GitHub usage in one place: /legal/#subprocessors.
Customer-signable after counsel approval
Replace bracketed fields, attach the master agreement, and execute only after both parties' legal counsel approve the final text.
Customer
Legal name: [Customer legal entity]
Signature: ________________________
Name / title: _____________________
Date: _____________________________
Leapable
Legal name: Leapable, Inc.
Signature: ________________________
Name / title: _____________________
Date: _____________________________
Security status and public controls
Review the SOC 2 public status page, the Security page, and the on-prem guide before final procurement review.