Current document: DPA
DPA
GDPR supportData Processing Agreement summary
Processor commitments for customers using Lean Cookie Consent to collect and manage consent evidence.
Roles
The customer is the controller for website visitor data and configured policy content. Lean Cookie Consent acts as processor for hosted platform operations, consent evidence storage, customer support and technical diagnostics, except where it processes limited account and billing data as an independent controller.
Processor commitments
- Process personal data only for documented platform and support purposes.
- Apply technical and organizational safeguards appropriate to the service scope.
- Keep customer site data logically separated by site key, domain and account assignment.
- Support export and audit workflows through reports, CSV files and redacted backups.
- Notify customers when a confirmed security incident materially affects their data, according to the applicable agreement.
Subprocessor categories
Hosting infrastructure, email delivery, payment processing, security monitoring, support tooling and analytics/acquisition tooling where configured. Customer websites may also use their own third-party services listed in each site profile.