Data Processing Agreement (DPA)

Last Updated: April 23, 2025

This Data Processing Agreement (“Agreement”) is entered into by and between:

• Data Controller: The Client (you), using authentication services provided by Leap Hub Inc., a company registered in the United States, with its servers hosted in Frankfurt, Germany.
  
• Data Processor: Leap Hub Inc., operating as an SSO (Single Sign-On) and identity management provider for integrated platforms.
  

This Agreement is incorporated by reference into the Terms and Conditions and governs the processing of Personal Data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), Turkish 6698 sayılı KVKK, and other applicable data protection laws.

1. Subject Matter and Duration

This Agreement covers the processing of personal data by Leap Hub on behalf of integrated platforms using its services. It remains in force as long as Leap Hub processes data on behalf of the Controller.

2. Nature and Purpose of Processing

Leap Hub processes personal data for the following purposes:

• Single Sign-On authentication and session management
  
• User account registration and secure login
  
• Encrypted password storage (not shared with any third party)
  
• Communication preference storage
  
• Identity verification and platform authorization
  
• IP/session tracking for security auditing
  
• Enabling access to integrated partner services (e.g., Whisper, Contentia) upon consent
  

3. Types of Personal Data Processed

Leap Hub may process the following data categories:

• Full name
  
• Email address
  
• Company name
  
• Password (stored in encrypted format)
  
• Country and preferred language
  
• IP address and device/browser metadata
  
• Session identifiers and token-related timestamps
  
• Communication preferences
  
• Platform access logs and login history
  

Note: Passwords are hashed using modern cryptographic techniques and are not transferred or disclosed to any third-party platform.

4. Data Subjects

The data subjects include:

• Clients or end-users registering on platforms using Leap Hub authentication
  
• Partner representatives accessing integrated services
  
• Visitors signing up or logging into affiliated platforms through Leap Hub
  

5. Third-Party Subprocessors

Leap Hub uses subprocessors only where necessary and ensures GDPR-compliant safeguards:

• Cloudways: Data hosting provider (server location: Frankfurt, Germany)
  
• Cloudflare: Web performance and security (via edge caching/CDN)
  
• MailerLite / MailerSend: Transactional notifications and system messages
  
• Google Analytics / Tag Manager: Internal usage and performance metrics (no sensitive data)
  
• Hotjar (optional): UX improvement (if consented)
  

6. Controller Responsibilities

• Determine lawful basis (e.g., consent, contract) for processing
  
• Provide transparent privacy notices
  
• Obtain valid user consents
  
• Handle data subject requests directly
  
• Maintain an up-to-date privacy policy reflecting SSO use
  

7. Processor Responsibilities

• Only process personal data on documented instructions
  
• Maintain data confidentiality and staff awareness
  
• Implement appropriate security (TLS encryption, secure cookies, hashed passwords)
  
• Notify Controller of any data breaches immediately
  
• Cooperate with audits or inspections upon request
  

8. Data Transfers

• Data is primarily stored in Germany
  
• If transferred outside the EEA (e.g., U.S.), Leap Hub ensures:
  
  • Adequacy decisions where applicable
    
  • Standard Contractual Clauses (SCCs) or appropriate safeguards
    
  • Transfers limited to contractual necessity (e.g., mail providers)
    

9. Data Retention and Deletion

Personal data will be retained:

• As long as the user maintains an active Leap Hub account
  
• As required by tax and legal obligations
  
• For logs, up to 2 years for security purposes
  
  Upon user deletion request, all data will be erased unless retention is legally necessary.
  

10. Data Subject Rights

Leap Hub supports the Controller in ensuring the rights of data subjects, including:

• Right of access, rectification, and erasure
  
• Restriction or objection to processing
  
• Data portability
  
• Consent withdrawal (e.g., communication preferences)
  

11. Audits and Inspections

The Controller may request audits with 15 days’ notice. Leap Hub will cooperate and provide necessary documentation or access as appropriate.

12. Liability

Each party is responsible for its own compliance failures. Leap Hub’s liability is limited to direct damages unless otherwise stated in the Terms and Conditions.

13. Miscellaneous

• This Agreement supersedes conflicting data terms.
  
• Governed by the laws of the State of Texas, USA.
  
• Any dispute shall be subject to the exclusive jurisdiction of the courts in Texas.
  

Contact Details

Leap Hub Inc.

Email: support@theleaphub.com

Website: https://theleaphub.com

Location: United States (Operations), Servers in Germany