Legal

Data Processing Addendum

Last updated July 7, 2026

This addendum forms part of the agreement between you (the customer) and 8Leads, and applies where 8Leads processes personal data on your behalf. It reflects the requirements of the GDPR and UK GDPR.

1. Roles

For the lead data and message data you process through the Service, you are the controller and 8Leads is the processor. 8Leads processes personal data only on your documented instructions, which include your use of the Service and this addendum.

2. Scope of processing

  • Subject matter. Providing the outbound automation Service.
  • Duration. For the term of your agreement, plus any deletion period.
  • Nature and purpose. Storing lists, sending messages, receiving replies, and producing analytics.
  • Data types. Prospect contact details and any fields you choose to upload, and the content of messages and replies.
  • Data subjects. The prospects you contact and the recipients who reply.

3. Confidentiality and staff

8Leads limits access to personal data to staff who need it, under confidentiality obligations, with least-privilege access controls and audit logging.

4. Subprocessors

You authorize 8Leads to engage the subprocessors below, each under a written contract with data protection terms. We will give notice before adding or replacing a subprocessor so you can object on reasonable grounds.

  • Cloud database and application hosting (managed Postgres and serverless hosting, United States).
  • Queue and worker infrastructure (managed Redis and container hosting).
  • Payment processing (billing and invoices).
  • Transactional email delivery.
  • Error monitoring and product analytics.

5. Security measures

8Leads maintains technical and organizational measures appropriate to the risk, including:

  • Encryption in transit and at rest, with AES-256-GCM for connected-account sessions and proxy credentials.
  • Least-privilege access controls and audit logging.
  • Network isolation between the public application and the sending workers.
  • Regular backups and recovery procedures.

Full detail is on the Security page.

6. Data subject requests

The Service lets you access, correct, export, and delete lead data directly. Where a data subject contacts 8Leads, we will refer them to you and assist you in responding, taking into account the nature of the processing.

7. Personal data breach

8Leads will notify you without undue delay after becoming aware of a personal data breach affecting your data, and will provide the information you reasonably need to meet your own notification obligations.

8. International transfers

Where personal data is transferred out of the EEA or the UK, 8Leads relies on appropriate safeguards, including the Standard Contractual Clauses, together with additional measures where required.

9. Deletion and return

On termination, and at your choice, 8Leads will delete or return the personal data it processes on your behalf, except where retention is required by law.

10. Audits

8Leads will make available the information reasonably needed to demonstrate compliance with this addendum, and will contribute to audits carried out by you or an auditor you appoint, subject to reasonable confidentiality and scheduling.

11. Contact

Data protection questions go to privacy@8leads.io.

This document is a general template shared for transparency. It is not legal advice. Review it with qualified counsel before you rely on it.