Data Processing Addendum
Last updated June 2026
This Addendum (“DPA”) forms part of the Terms of Service between you (“Controller”) and Browzey (“Processor”) for Local Lead Finder, and applies where the Processor processes personal data on the Controller’s behalf under GDPR / UK GDPR.
1. Roles & scope
The Controller determines the purposes and means of processing the personal data it captures, saves, and exports. The Processor processes that data only on documented instructions (the Service’s functionality and the Controller’s configuration).
2. Subject matter & duration
Processing covers business-contact data within saved leads, AI verdicts, email-finder results, and website-crawl content, for the duration of the account plus the retention windows in the Privacy Policy.
3. Sub-processors
The Controller authorizes the sub-processors listed in the Privacy Policy. The Processor remains responsible for their performance and will give notice of material changes.
4. Security
The Processor maintains TLS in transit, access controls, secret management, PII scrubbing in error logs, and no remote code execution in the extension (CSP script-src 'self').
5. International transfers
Where personal data is transferred outside the EEA/UK, the EU Standard Contractual Clauses (2021/914) and the UK IDTA apply.
6. Data-subject rights & assistance
The Processor provides tooling to honor access, erasure, and rectification requests — the account export/delete endpoints and the public removal portal — and assists the Controller in responding to data-subject and authority requests, including objections handled on request. Target: ≤7 days; hard cap: 30 days.
7. Breach notification
The Processor will notify the Controller without undue delay after becoming aware of a personal data breach affecting the Controller’s data.
8. Deletion on termination
On account deletion, the Processor erases the Controller’s content and anonymizes the account record, retaining only what law requires (billing/ledger records). Soft-deleted data is hard-purged within 30 days.
To countersign a copy of this DPA, contact privacy@localleadfinder.app.