Close
Widgets
Calculator
Estimate prices instantly with a smart calculator
Booking widget
Let customers book services online in minutes
Spin to win
Turn visitors into leads with a prize wheel
Quiz
Engage users and qualify leads step by step
Form
Collect leads and messages from your visitors
About the Platform
Pricing
Transparent pricing with no hidden fees
Contact us
Have questions or ideas? We’re happy to help!
For Agencies
Special plan with 25% partner commission.
Account
Sign up

DATA PROCESSING AGREEMENT

Last updated: 04.27.2026

This Data Processing Agreement (“DPA”) is incorporated into and forms part of the Terms of Service between getsiteleads.com (“Processor”, “we”, “our”, “us”) and the customer (“Controller”, “you”, “your”) who uses our Service to collect personal data from end-users (“Data Subjects”).

1. Definitions

Capitalized terms used but not defined in this DPA have the meanings given in the Terms of Service. The following terms have the meanings set forth below:

  • “Personal Data” means any information relating to an identified or identifiable natural person processed on behalf of the Controller.
  • “Processing” means any operation performed on Personal Data, including collection, storage, transmission, and deletion.
  • “Subprocessor” means any third party engaged by the Processor to process Personal Data on behalf of the Controller.
  • “Data Subject” means the individual to whom Personal Data relates.
  • “Applicable Data Protection Law” means all data protection and privacy laws applicable to the Processing, including but not limited to GDPR, CCPA, and other relevant regulations.

2. Roles and Responsibilities

2.1 Controller. You are the Controller of the Personal Data collected via your widgets. You determine the purposes and means of processing. You are responsible for:

  • Providing appropriate notice to Data Subjects about data collection
  • Obtaining necessary consents or establishing another lawful basis for processing
  • Responding to Data Subject requests
  • Complying with all obligations under Applicable Data Protection Law

2.2 Processor. We act as a Processor on your behalf. We process Personal Data only:

  • In accordance with your documented instructions (as configured in your widget settings)
  • For the purpose of providing the Service
  • As required by applicable law

3. Details of Processing

3.1 Subject matter: Provision of the widget platform for collecting, transmitting, and delivering end-user submissions.

3.2 Nature and purpose: We transmit Personal Data collected through your widgets directly to the destination you configure (email, Telegram, or other supported channels). We do not store, retain, or use this data for our own purposes.

3.3 Types of Personal Data: As configured by you, this may include:

  • Name
  • Email address
  • Phone number
  • Custom form field responses
  • Contact details and preferences

3.4 Categories of Data Subjects: End-users who interact with widgets deployed on your website.

3.5 Duration: For the duration of your subscription to the Service.

4. Subprocessors

You acknowledge and agree that we may engage third-party subprocessors in connection with the provision of the Service. We maintain an up-to-date list of subprocessors available upon request.

Current subprocessors include:

SubprocessorPurposeLocation
[Hosting Provider]Server infrastructureUnited States
SendGrid / Email ServiceEmail deliveryUnited States
Telegram APIMessage delivery (if configured)Global

We will notify you before engaging any new subprocessor and give you an opportunity to object, where required by Applicable Data Protection Law.

We enter into written agreements with all subprocessors containing data protection obligations at least as protective as those in this DPA.

5. Security

We implement appropriate technical and organizational measures to protect Personal Data against unauthorized or unlawful processing and against accidental loss, destruction, or damage. These measures include:

  • Encryption of data in transit (TLS/SSL)
  • Secure server infrastructure
  • Access controls and authentication
  • Regular security reviews

6. Data Subject Rights

Taking into account the nature of the Processing, we will assist you by appropriate technical and organizational measures, insofar as possible, to fulfill your obligations to respond to Data Subject rights requests under Applicable Data Protection Law.

If we receive a request directly from a Data Subject, we will forward it to you without undue delay.

7. Personal Data Breach

In the event of a verified Personal Data breach affecting data processed under your account, we will:

  • Notify you without undue delay
  • Provide you with information about the nature of the breach
  • Take reasonable steps to mitigate the effects and minimize damage

8. Deletion of Data

As described in our Service functionality, Personal Data collected through your widgets is not stored on our servers and is transmitted directly to your designated destination.

Upon termination of your subscription, we will delete or anonymize any remaining account-related Personal Data within 60 days, except where retention is required by law.

9. International Transfers

The Service is hosted in the United States. By using the Service, you acknowledge that Personal Data may be transferred to and processed in the United States.

Where required by Applicable Data Protection Law, such transfers are governed by Standard Contractual Clauses (SCCs) approved by the European Commission, which are incorporated by reference into this DPA.

10. Audit Rights

You may request information about our security practices and compliance with this DPA. On reasonable notice and no more than once per year, we will provide you with relevant documentation and responses to your reasonable inquiries.

Any on-site audit must be agreed in advance, at your expense, and conducted during normal business hours without disrupting our operations.

11. Limitation of Liability

Our liability under this DPA is subject to the limitations set forth in the Terms of Service.

12. Term and Termination

This DPA remains in effect for as long as we process Personal Data on your behalf. It terminates automatically upon termination of your subscription.

13. Governing Law

This DPA is governed by the same law as the Terms of Service.

Contact

For questions about this DPA, contact us at: info@getsiteleads.com

Start