Last updated: April 5, 2026. This DPA supplements the Terms of Service for clients who act as data controllers under GDPR or businesses under CCPA.
"Controller," "Processor," "Personal Data," "Data Subject," "Processing," and "Supervisory Authority" have the meanings given in the EU General Data Protection Regulation (GDPR). "Business," "Service Provider," "Consumer," and "Personal Information" have the meanings given in the California Consumer Privacy Act (CCPA) as amended by CPRA. "Client" means the customer of Agent Lead Engine LLC that has agreed to the Terms of Service.
For Personal Data submitted to our services by Client (including Client's leads, customers, and prospects), Client is the Controller or Business and Agent Lead Engine LLC is the Processor or Service Provider. We process Personal Data only on Client's documented instructions and only for the purposes necessary to deliver the Services.
This DPA applies for as long as we process Personal Data on Client's behalf. Upon termination, we will return or delete Personal Data as described in Section 9 of the Privacy Policy.
We process Personal Data to provide CRM, automation, SMS, email, call, pipeline, and reporting services to Client. Categories of Data Subjects include Client's leads, prospects, policyholders, and customers. Categories of Personal Data include contact details, policy details, call and message content, and quote data.
Client consents to our use of the following subprocessors:
We will give Client at least 30 days notice of any new subprocessor. If Client reasonably objects on data protection grounds, Client may terminate the affected service.
We maintain administrative, technical, and physical safeguards appropriate to the nature of the Personal Data processed, including encryption in transit (TLS 1.2 or higher), role based access controls, unique credentials per user, audit logging, regular software updates, and vendor security reviews for each subprocessor.
We will notify Client without undue delay, and in any event within 72 hours, after becoming aware of a Personal Data breach affecting Client data. The notice will include the nature of the breach, categories and approximate number of Data Subjects affected, likely consequences, and measures taken or proposed.
If a Data Subject or Consumer contacts us directly with an access, deletion, correction, or opt out request, we will forward the request to Client within 5 business days. We will assist Client in responding using appropriate technical and organizational measures.
Where we transfer Personal Data outside the EEA, UK, or Switzerland, we rely on the EU Standard Contractual Clauses (2021/914), the UK International Data Transfer Addendum, or another valid transfer mechanism. Client agrees that execution of the Terms of Service and this DPA incorporates the applicable Module 2 (Controller to Processor) SCCs.
Client may request, no more than once per year, reasonable information about our security practices and the results of any third party audits or certifications we have obtained. Physical on site audits may be arranged by advance written agreement.
Upon termination of the Services, and upon written request, we will return or delete Personal Data within 90 days unless applicable law requires longer retention (for example, Medicare call recording retention under CMS rules).
Liability under this DPA is subject to the limitations set out in the Terms of Service.
Data protection inquiries: info@agentleadengine.com. Agent Lead Engine LLC, New York, United States. (516) 780-1385.