Back to home

Data Processing Addendum

Last updated: April 19, 2026

This Data Processing Addendum ("DPA") forms part of the agreement between the customer ("Customer," "you") and Leagrow, Inc. ("Leagrow," "we") for the provision of the Services (the "Agreement") and reflects the parties' agreement on the processing of personal data on behalf of the Customer. It applies to the extent Leagrow processes personal data that is subject to applicable data protection law, including the EU GDPR, UK GDPR, and the California Consumer Privacy Act.

1. Definitions

Terms such as personal data, processing, controller, processor, data subject, and supervisory authority have the meanings given in the applicable data protection law.

2. Roles of the parties

For the purposes of this DPA, the Customer is the controller (or processor acting on behalf of a third-party controller) of Customer Personal Data, and Leagrow is the processor (or sub-processor). Each party will comply with its obligations under applicable data protection law.

3. Subject matter, duration, and nature of processing

  • Subject matter: provision of the Leagrow learning platform and related services.
  • Duration: the term of the Agreement plus any applicable retention period.
  • Nature and purpose: hosting, transmitting, analyzing, and presenting personal data as necessary to operate the Services and AI features, and to provide support.
  • Categories of data subjects: Customer's employees, contractors, learners, administrators, and authorized end-users.
  • Categories of personal data: identifiers, contact details, profile information, content generated in the workspace, learning activity, and technical metadata.

4. Customer instructions

Leagrow will process Customer Personal Data only on documented instructions from the Customer, including as set out in the Agreement and this DPA, unless required to do otherwise by applicable law. If Leagrow believes an instruction infringes data protection law, it will notify the Customer.

5. Confidentiality

Leagrow ensures that personnel authorized to process Customer Personal Data are bound by confidentiality obligations and receive appropriate training.

6. Security

Leagrow implements and maintains appropriate technical and organizational measures to protect Customer Personal Data, as summarized on our Security page, and reviews them regularly.

7. Sub-processors

The Customer authorizes Leagrow to engage sub-processors to provide the Services. Leagrow maintains a list of current sub-processors, available on request at info@leagrow.com. Leagrow will (a) impose data protection obligations on each sub-processor that are no less protective than those in this DPA, and (b) give the Customer prior notice of new sub-processors with a reasonable opportunity to object on reasonable grounds.

8. International transfers

Where Leagrow transfers Customer Personal Data outside the European Economic Area, the United Kingdom, or Switzerland to a country that is not subject to an adequacy decision, the parties rely on the EU Standard Contractual Clauses (Module 2 or 3, as applicable) and the UK International Data Transfer Addendum, which are incorporated by reference. Leagrow applies supplementary measures as appropriate.

9. Data subject rights

Taking into account the nature of the processing, Leagrow provides the Customer with tools and reasonable assistance to respond to data subject requests. If Leagrow receives a request directly from a data subject relating to Customer Personal Data, it will, without undue delay, direct the data subject to the Customer.

10. Security incident notification

Leagrow notifies the Customer without undue delay, and in any event within the time required by applicable law, after becoming aware of a personal data breach affecting Customer Personal Data, and provides information reasonably required for the Customer to meet its own notification obligations.

11. Audits

Leagrow supports the Customer's audit rights by making available its current third-party audit reports (e.g., SOC 2 Type II) and completing reasonable security questionnaires. Where additional audits are required by law, the parties will agree in advance on timing, scope, and confidentiality.

12. Deletion and return

Upon termination or expiry of the Agreement, Leagrow will, at the Customer's choice, delete or return all Customer Personal Data, unless applicable law requires storage.

13. Liability

Each party's liability under this DPA is subject to the limitations and exclusions of liability set out in the Agreement.

14. Conflict

In the event of a conflict between this DPA and the Agreement, this DPA will prevail solely in respect of the processing of Customer Personal Data.

Contact

To execute a countersigned DPA or request our sub-processor list, contact info@leagrow.com.

Leagrow, Inc.
New Jersey Turnpike Ext, Burlington, New Jersey 08016, United States