Data Processing Addendum
This page describes QuickLead's standard B2B pilot data processing position. It may be supplemented by a signed order form or negotiated addendum for a specific customer.
1. Scope boundary
This DPA applies to customer content processed for B2B, team, company, or API workflows where QuickLead acts as processor or service provider for the customer.
This DPA does not govern a separate public or community shared contribution feature that a user explicitly submits or expressly opts into. For that type of public/shared contribution, QuickLead may act as controller as described in the Privacy Policy.
2. Subject matter and purpose
QuickLead processes customer content to provide contact resolution, contextual capture, structured outputs, browser-assisted workflows, API operations, and related support and security functions.
3. Categories of personal data
- Phone numbers and related contact inputs
- Names, contact labels, and structured output fields
- Page context, source URLs, titles, and evidence snippets associated with a request
- Structured rows, export payloads, and customer workflow metadata
- Usage logs, error logs, security telemetry, and support records related to the service
4. Categories of data subjects
Data subjects may include contacts, leads, customers, prospects, staff, contractors, or other individuals whose information appears in the customer's workflows or content.
5. Duration
Processing continues for the term of the applicable services agreement, pilot agreement, or service relationship, plus any reasonable retention period needed for security, support, legal compliance, billing, and deletion workflows.
6. Instructions
QuickLead will process customer content on documented customer instructions reflected in the applicable service configuration, API usage, browser workflow, support request, order form, or other written communication.
Unless the customer expressly enables a public contribution mode, customer corrections and workflow content remain in the customer-content scope described by this DPA.
7. Subprocessors
Customer authorises QuickLead to use the subprocessors listed on Subprocessors. QuickLead may update that list from time to time and will provide notice where required by law or contract.
8. Security measures
QuickLead maintains reasonable technical and organisational measures appropriate to the nature of the service and company size, including transport encryption, credential management, access controls, monitoring, secret management, and service protection controls. More detail is available on the Security page.
Customers should not read this DPA as a promise that every workflow already has full technical tenant isolation beyond the customer scope that is currently documented and contractually agreed.
9. International transfers
QuickLead and its subprocessors may process data in multiple jurisdictions. Where required, QuickLead will use transfer mechanisms or supplementary measures that are appropriate to the customer relationship and applicable law.
10. Data subject requests and cooperation
Taking into account the nature of the processing and the information available to QuickLead, QuickLead will provide reasonable assistance to help the customer respond to data subject requests, regulatory inquiries, or privacy complaints relating to customer content.
11. Incident notification
QuickLead will notify the customer without undue delay after becoming aware of a confirmed security incident affecting customer content, taking into account the information reasonably available at the time.
12. Return or deletion
Upon termination of the applicable service, QuickLead will delete or return customer content as reasonably practicable, subject to legal obligations, security records, billing records, fraud-prevention needs, backup cycles, and documented retention periods.
13. Audit and information rights
QuickLead will make available reasonable information about its processing and security measures suitable for a small vendor and early-access product. If further audit rights are required, those should be agreed in writing so the scope is proportionate to the service, customer risk, and company size.