LEADGEN AI
TERMS OF SERVICE & DATA PROCESSING AGREEMENT
Effective Date: March 23, 2026 | Governing Law: State of New Jersey
IMPORTANT — PLEASE READ CAREFULLY: This Terms of Service and Data Processing Agreement ("Agreement") constitutes a legally binding contract between you ("User," "Client," or "Subscriber") and LeadGen AI ("Company," "we," "our," or "us"). BY ACCESSING, REGISTERING FOR, OR USING ANY PART OF OUR PLATFORM OR SERVICES, YOU ACKNOWLEDGE THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO BE BOUND BY ALL TERMS OF THIS AGREEMENT INCLUDING THE DATA PROCESSING AGREEMENT IN PART II. IF YOU DO NOT AGREE, YOU MUST IMMEDIATELY CEASE ALL USE OF THE SERVICES.
PART I — TERMS OF SERVICE
1. DEFINITIONS
For purposes of this Agreement, the following terms shall have the meanings ascribed below:
"Platform" means the LeadGen AI software-as-a-service solution, including all modules, features, APIs, integrations (including GoHighLevel infrastructure and third-party CRMs), dashboards, AI models, and associated documentation.
"Services" means all services provided by LeadGen AI, including but not limited to: AI receptionist, CRM automation, outbound/inbound SMS/MMS/voice/email messaging, appointment scheduling, sales pipeline tools, marketing automation, funnel building, and reporting.
"User Data" means any data, content, personally identifiable information ("PII"), or records that you or your End Users submit to, generate within, or transmit through the Platform.
"Subscriber" means the individual or legal entity that has registered for an account and accepted this Agreement on behalf of themselves or their organization.
"End Users" means third parties, including your customers, leads, and prospects, who are contacted through or who interact with the Platform.
"Applicable Law" means all federal, state, and local laws, statutes, regulations, ordinances, and rules governing your use of the Platform, including without limitation TCPA, CAN-SPAM, GDPR, CCPA, FTC Act, and FCC regulations.
"GoHighLevel" means HighLevel Inc., the underlying CRM and automation infrastructure provider upon which the Platform is built.
2. ACCEPTANCE AND ELIGIBILITY
By accessing or using the Platform, you represent and warrant that: (i) you are at least eighteen (18) years of age; (ii) you have full legal authority to enter into this Agreement on behalf of yourself or your organization; (iii) your use of the Platform does not violate any Applicable Law; and (iv) all information you provide to LeadGen AI is accurate, current, and complete.
Corporations, limited liability companies, partnerships, and other business entities may use the Platform only through authorized representatives who bind the organization to all terms herein.
3. SERVICES PROVIDED
LeadGen AI provides a cloud-based AI-powered sales and marketing automation platform built on GoHighLevel infrastructure, encompassing:
Artificial intelligence-powered receptionist and voice agent functionality.
Automated SMS, MMS, email, and voice communications.
CRM data ingestion, enrichment, and automation.
Lead capture, scoring, nurturing, and pipeline management tools.
Appointment scheduling, calendar management, and automated reminders.
Funnel building, landing page creation, and marketing campaign management.
Reporting, analytics, and performance dashboards.
API integrations with third-party systems, including GoHighLevel, Twilio, Stripe, and others.
LeadGen AI reserves the right, in its sole discretion and without prior notice, to modify, discontinue, suspend, or add features or services at any time. We shall not be liable to you or any third party for any such modification, suspension, or discontinuation.
4. COMMUNICATION COMPLIANCE AND CONSENT — CRITICAL OBLIGATIONS
4.1 Subscriber's Sole Responsibility for Consent. YOU BEAR SOLE AND EXCLUSIVE RESPONSIBILITY for obtaining all legally required consents and authorizations before contacting any individual via SMS, MMS, voice call, ringless voicemail, email, or any other communication channel through the Platform. LeadGen AI is a technology provider only and does not obtain consent on your behalf.
4.2 TCPA Compliance. You agree to comply fully with the Telephone Consumer Protection Act (47 U.S.C. § 227) and all implementing FCC regulations, including requirements for prior express written consent for autodialed or prerecorded calls and texts to wireless numbers, residential landlines, and numbers on the National Do-Not-Call Registry.
4.3 CAN-SPAM Act Compliance. All commercial email messages sent through the Platform must comply with the CAN-SPAM Act of 2003 (15 U.S.C. § 7701 et seq.), including accurate header information, honest subject lines, a functional physical postal address, and an operational unsubscribe mechanism honored within ten (10) business days.
4.4 Do-Not-Contact Lists. You must maintain and honor internal do-not-contact lists and suppress contacts who have opted out, unsubscribed, or revoked consent. Failure to suppress opted-out contacts is a material breach of this Agreement.
4.5 A2P 10DLC and Short Code Regulations. You are responsible for registering your messaging campaigns under applicable A2P 10DLC frameworks, carrier requirements, and CTIA guidelines. LeadGen AI may assist with registration but makes no guarantee of carrier approval and is not liable for message filtering, blocking, or regulatory penalties arising from your campaigns.
4.6 Prohibited Communications. You shall not use the Platform to send spam, phishing communications, fraudulent messages, misleading advertising, or communications that violate any Applicable Law or constitute deceptive trade practices under the FTC Act (15 U.S.C. § 45).
5. USER ACCOUNTS AND SECURITY
5.1 Account Registration. You must provide accurate, complete, and current information during registration. LeadGen AI reserves the right to refuse registration or cancel any account at its sole discretion.
5.2 Credentials and Access Control. You are solely responsible for maintaining the confidentiality of your credentials. You must immediately notify LeadGen AI of any unauthorized access or security breach at [email protected]. LeadGen AI shall not be liable for losses arising from unauthorized account access resulting from your failure to safeguard credentials.
5.3 Account Sharing Prohibited. Account credentials may not be shared, sold, transferred, or disclosed to any third party. Unauthorized account sharing is grounds for immediate termination without refund.
6. ACCEPTABLE USE POLICY
You agree not to use the Platform in any manner that, directly or indirectly:
Violates any Applicable Law, regulation, court order, or governmental directive.
Infringes upon the intellectual property rights, privacy rights, or other legal rights of any third party.
Transmits or stores malicious code, viruses, Trojan horses, spyware, or any disruptive software.
Attempts to gain unauthorized access to the Platform, other accounts, or connected third-party systems.
Interferes with or disrupts the integrity, performance, or security of the Platform or its infrastructure.
Circumvents or disables any access control, security measure, or usage limitation of the Platform.
Facilitates unlawful debt collection, harassment, threats, or abusive contact with any person.
Reverse engineers, decompiles, disassembles, or derives source code from any portion of the Platform.
Uses the Platform to offer competing services or white-label the Platform without prior written authorization.
Scrapes, crawls, or extracts data from the Platform beyond normal intended use without express written consent.
Violation of this Acceptable Use Policy may result in immediate suspension or termination of your account without notice or refund, and may expose you to civil and/or criminal liability.
7. DATA OWNERSHIP, PROCESSING, AND PRIVACY
7.1 Data Ownership. As between you and LeadGen AI, you retain all ownership rights in and to User Data. LeadGen AI claims no ownership over User Data and processes it solely to provide the Services.
7.2 License to Process. You grant LeadGen AI a limited, non-exclusive, royalty-free license to access, store, process, and transmit User Data solely as necessary to provide the Services, comply with Applicable Law, and enforce this Agreement.
7.3 Data Processor Relationship. LeadGen AI acts as a data processor with respect to personal data in User Data, and you act as the data controller. You are solely responsible for the lawfulness of all personal data submitted to the Platform. The full terms of data processing are set forth in Part II of this Agreement (Data Processing Agreement).
7.4 Privacy Policy. Your use of the Services is also governed by LeadGen AI's Privacy Policy, the terms of which are incorporated herein by reference.
7.5 Data Security. LeadGen AI implements commercially reasonable technical and organizational measures to protect User Data. No security measure is infallible, and LeadGen AI does not guarantee the absolute security of User Data.
7.6 Data Retention and Deletion. Upon termination, LeadGen AI may delete User Data per its data retention schedule and applicable law. It is your responsibility to export or back up User Data prior to termination.
8. FEES, BILLING, AND PAYMENT TERMS
8.1 Subscription Fees. You agree to pay all fees associated with your selected subscription plan as disclosed at the time of purchase. All fees are stated in U.S. Dollars unless otherwise specified.
8.2 Billing Cycle. Fees are billed monthly or annually as elected. Subscriptions automatically renew at the end of each billing cycle unless cancelled prior to renewal per Section 12.
8.3 Automatic Payments. By providing a payment method, you authorize LeadGen AI to charge all applicable fees automatically on the applicable billing date.
8.4 Late Payments. Unpaid balances outstanding for more than ten (10) calendar days may accrue interest at the lesser of 1.5% per month or the maximum rate permitted by Applicable Law. LeadGen AI reserves the right to suspend Services upon non-payment without additional notice.
8.5 Non-Refundable Fees. ALL FEES PAID ARE STRICTLY NON-REFUNDABLE EXCEPT AS EXPRESSLY STATED IN THIS AGREEMENT OR REQUIRED BY APPLICABLE LAW.
8.6 Taxes. You are responsible for all applicable taxes. If LeadGen AI is required to collect taxes, they will be added to your invoice.
8.7 Price Changes. LeadGen AI reserves the right to change pricing with thirty (30) days' advance written notice. Continued use after the effective date of a price change constitutes acceptance of the revised pricing.
9. INTELLECTUAL PROPERTY RIGHTS
9.1 LeadGen AI Ownership. All right, title, and interest in and to the Platform, including all underlying software, algorithms, AI models, methodologies, trade secrets, trademarks, and documentation, are and shall remain the exclusive property of LeadGen AI or its licensors. Nothing in this Agreement transfers any intellectual property rights to you.
9.2 Limited License. LeadGen AI grants you a limited, revocable, non-exclusive, non-transferable, non-sublicensable license to access and use the Platform during the term of your subscription, solely for your internal business purposes.
9.3 Restrictions. You shall not: (i) copy, reproduce, or duplicate any portion of the Platform; (ii) create derivative works; (iii) sell, resell, license, or assign your access rights; (iv) remove or alter proprietary notices; or (v) use LeadGen AI's trademarks without prior written consent.
9.4 Feedback. Any suggestions or feedback you provide regarding the Platform shall become the sole property of LeadGen AI, which may use and incorporate such feedback without restriction or compensation to you.
10. THIRD-PARTY INTEGRATIONS AND SERVICES
The Platform integrates with third-party services including GoHighLevel, Twilio, Stripe, Google, and Meta. You acknowledge and agree that:
Third-party services are governed by their own terms of service and privacy policies, which you are responsible for reviewing and complying with.
LeadGen AI makes no representations or warranties regarding the availability, performance, security, or compliance of third-party services.
LeadGen AI shall not be liable for disruptions, data loss, regulatory action, or damages arising from third-party services.
Certain Platform features may become unavailable if a third-party integration is modified, suspended, or discontinued.
Your use of the GoHighLevel platform through LeadGen AI is additionally subject to GoHighLevel's own Terms of Service and Data Processing Agreement.
11. CONFIDENTIALITY
Each party may receive confidential information of the other party in connection with this Agreement ("Confidential Information"). Each party agrees to: (i) hold the other's Confidential Information in strict confidence; (ii) not disclose Confidential Information to third parties without prior written consent; and (iii) use Confidential Information solely for purposes of performing obligations under this Agreement.
Confidential Information excludes information that: (a) is or becomes publicly available through no breach of this Agreement; (b) was known to the receiving party prior to disclosure; (c) is independently developed without use of Confidential Information; or (d) must be disclosed pursuant to court order or Applicable Law, provided the receiving party gives prompt written notice to the other party.
12. TERM, TERMINATION, AND SUSPENSION
12.1 Term. This Agreement commences upon your acceptance and continues until terminated in accordance with this Section.
12.2 Termination by Subscriber. You may terminate your subscription at any time through your account settings or by written notice to [email protected]. Termination takes effect at the end of your current billing cycle. No refunds will be issued for any remaining prepaid term.
12.3 Termination by LeadGen AI for Cause. LeadGen AI may terminate this Agreement immediately and without notice if you: (i) breach any provision of this Agreement; (ii) engage in illegal or abusive conduct; (iii) violate any Applicable Law through use of the Platform; (iv) engage in unauthorized chargebacks or payment fraud; or (v) become insolvent or subject to bankruptcy proceedings.
12.4 Suspension. LeadGen AI reserves the right to suspend access to the Platform at any time, with or without notice, to prevent harm to the Platform or third parties, investigate suspected violations, comply with Applicable Law or carrier requirements, or address non-payment.
12.5 Effect of Termination. Upon termination: (i) your license to use the Platform immediately ceases; (ii) all outstanding fees become immediately due; and (iii) LeadGen AI may permanently delete your account and User Data. Sections 7, 9, 11, 13, 14, 15, 16, and 17 shall survive termination.
13. DISCLAIMERS OF WARRANTIES
THE PLATFORM AND ALL SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, LEADGEN AI EXPRESSLY DISCLAIMS ALL WARRANTIES, INCLUDING BUT NOT LIMITED TO: (I) IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT; (II) WARRANTIES THAT THE PLATFORM WILL OPERATE WITHOUT ERROR, INTERRUPTION, OR SECURITY BREACHES; (III) WARRANTIES THAT DEFECTS WILL BE CORRECTED; AND (IV) WARRANTIES REGARDING THE ACCURACY, RELIABILITY, OR COMPLETENESS OF ANY INFORMATION PROVIDED THROUGH THE PLATFORM.
LeadGen AI does not warrant that the Platform will meet your specific business requirements or that results obtained from use of the Platform will be accurate, timely, or commercially valuable. Any reliance on the Platform for business-critical decisions is entirely at your own risk.
14. LIMITATION OF LIABILITY
14.1 Exclusion of Consequential Damages. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL LEADGEN AI, ITS OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, LICENSORS, OR SUPPLIERS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, PUNITIVE, OR EXEMPLARY DAMAGES, INCLUDING BUT NOT LIMITED TO LOSS OF REVENUES, LOSS OF PROFITS, LOSS OF BUSINESS OPPORTUNITIES, LOSS OF GOODWILL, LOSS OF DATA, BUSINESS INTERRUPTION, REGULATORY FINES, OR COSTS OF SUBSTITUTE SERVICES, WHETHER BASED ON CONTRACT, TORT, STRICT LIABILITY, OR ANY OTHER LEGAL THEORY, EVEN IF LEADGEN AI HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
14.2 Liability Cap. IN NO EVENT SHALL LEADGEN AI'S AGGREGATE LIABILITY ARISING OUT OF OR RELATED TO THIS AGREEMENT EXCEED THE TOTAL FEES ACTUALLY PAID BY YOU TO LEADGEN AI IN THE TWELVE (12) CALENDAR MONTHS IMMEDIATELY PRECEDING THE CLAIM. THIS LIMITATION APPLIES TO ALL CAUSES OF ACTION IN THE AGGREGATE.
14.3 Essential Basis. The parties acknowledge that the limitations of liability in this Section are an essential element of the bargain between the parties, without which LeadGen AI would not have entered into this Agreement. Some jurisdictions do not allow the exclusion or limitation of certain damages; in such jurisdictions, LeadGen AI's liability shall be limited to the fullest extent permitted by law.
15. INDEMNIFICATION
15.1 Subscriber Indemnification. You shall defend, indemnify, and hold harmless LeadGen AI, its affiliates, officers, directors, employees, agents, licensors, and service providers from and against any and all claims, liabilities, damages, judgments, awards, losses, costs, expenses, and fees (including reasonable attorneys' fees) arising out of or relating to:
Your violation of this Agreement or any Applicable Law.
Your use or misuse of the Platform or Services.
Your failure to obtain proper consent before contacting any individual.
Any claim by an End User or third party arising from communications you initiated through the Platform.
Any regulatory action, fine, or penalty arising from your use of the Platform.
Your negligence, willful misconduct, or fraud.
15.2 Indemnification Procedure. LeadGen AI shall: (i) promptly notify you in writing of any claim for which indemnification is sought; (ii) provide you reasonable cooperation in the defense of the claim; and (iii) give you sole control over the defense and settlement, provided no settlement imposes any obligation or liability on LeadGen AI without its prior written consent.
16. GOVERNING LAW AND DISPUTE RESOLUTION
16.1 Governing Law. This Agreement shall be governed by and construed in accordance with the laws of the State of New Jersey, without regard to its conflict of law principles.
16.2 Mandatory Arbitration. EXCEPT FOR CLAIMS FOR INJUNCTIVE OR EQUITABLE RELIEF, ANY DISPUTE, CLAIM, OR CONTROVERSY ARISING OUT OF OR RELATING TO THIS AGREEMENT OR THE BREACH, TERMINATION, ENFORCEMENT, INTERPRETATION, OR VALIDITY THEREOF SHALL BE RESOLVED BY BINDING ARBITRATION ADMINISTERED BY THE AMERICAN ARBITRATION ASSOCIATION ("AAA") UNDER ITS COMMERCIAL ARBITRATION RULES. THE ARBITRATION SHALL BE CONDUCTED IN NEW JERSEY. THE ARBITRATOR'S AWARD SHALL BE FINAL AND BINDING AND MAY BE ENTERED AS A JUDGMENT IN ANY COURT OF COMPETENT JURISDICTION.
16.3 Class Action Waiver. YOU AGREE THAT ANY DISPUTE RESOLUTION PROCEEDINGS WILL BE CONDUCTED ONLY ON AN INDIVIDUAL BASIS AND NOT IN A CLASS, CONSOLIDATED, OR REPRESENTATIVE ACTION. IF FOR ANY REASON A CLAIM PROCEEDS IN COURT RATHER THAN IN ARBITRATION, YOU WAIVE ANY RIGHT TO A JURY TRIAL.
16.4 Equitable Relief. Notwithstanding the foregoing, LeadGen AI may seek injunctive or other equitable relief in any court of competent jurisdiction to prevent or enjoin violation of its intellectual property rights or confidentiality obligations.
17. FORCE MAJEURE
LeadGen AI shall not be held liable for any failure or delay in performance caused by events beyond its reasonable control, including but not limited to acts of God, natural disasters, pandemics, governmental actions or restrictions, internet or telecommunications outages, carrier disruptions, cyberattacks, or failures of third-party infrastructure providers. In such events, LeadGen AI's obligations shall be suspended for the duration of the force majeure event.
18. MODIFICATIONS TO THIS AGREEMENT
LeadGen AI reserves the right to update or modify this Agreement at any time. We will provide notice of material changes by posting the updated Agreement on our website and/or sending an email to the address on file for your account. Continued use of the Services after the effective date of any modification constitutes your acceptance of the revised Agreement. If you do not agree to a modification, your sole remedy is to terminate your subscription prior to the effective date of the change.
19. GENERAL PROVISIONS
19.1 Entire Agreement. This Agreement, together with the Privacy Policy and all incorporated exhibits, constitutes the entire agreement between you and LeadGen AI regarding the subject matter hereof and supersedes all prior or contemporaneous agreements.
19.2 Severability. If any provision of this Agreement is found to be invalid or unenforceable, the remaining provisions shall remain in full force and effect.
19.3 Waiver. No failure or delay by LeadGen AI in exercising any right under this Agreement shall constitute a waiver of that right.
19.4 Assignment. You may not assign or transfer this Agreement, by operation of law or otherwise, without LeadGen AI's prior written consent. LeadGen AI may freely assign this Agreement, including in connection with a merger, acquisition, or sale of assets.
19.5 Notices. All legal notices to LeadGen AI under this Agreement shall be sent in writing to: [email protected]. Notices to you shall be sent to the email address on file for your account.
19.6 Electronic Acceptance. You acknowledge that your electronic acceptance of this Agreement (by clicking "I Agree," registering for an account, or using the Services) is legally equivalent to a handwritten signature.
PART II — DATA PROCESSING AGREEMENT (DPA)
DPA Version: April 2023 — Incorporated by Reference into and Effective as of the Effective Date of this Agreement
This Data Processing Agreement ("DPA") governs LeadGen AI's processing of personal data on behalf of the Subscriber in connection with the Services. This DPA is incorporated into and forms part of the Terms of Service Agreement. In case of any conflict or inconsistency with the terms of Part I, this DPA shall take precedence to the extent of such conflict or inconsistency with respect to data processing matters.
DPA-1. DEFINITIONS
In addition to the definitions in Part I, the following terms apply to this DPA:
"CCPA" means California Civil Code Sec. 1798.100 et seq. as amended (also known as the California Consumer Privacy Act of 2018), including the California Privacy Rights Act amendments to the CCPA.
"California Personal Information" means Personal Data that is subject to the protection of the CCPA.
"Controller," "Processor," "Data Subject," "Personal Data," "Personal Data Breach," "Process," and "Processing" shall have the meanings given to them in the Data Protection Laws.
"Customer Personal Data" means any information relating to an identified or identifiable individual where: (i) such information is contained within User Data; and (ii) is protected as personal data or personally identifiable information under applicable Data Protection Laws.
"Data Protection Laws" means all applicable worldwide legislation relating to data protection and privacy applicable to either party in the Processing of Personal Data, including the European Data Protection Laws, the CCPA, and other applicable U.S. laws, in each case as amended from time to time.
"Europe" means the European Union, the European Economic Area and/or their member states, Switzerland, and the United Kingdom.
"European Data" means Personal Data that is subject to the protection of European Data Protection Laws.
"European Data Protection Laws" means: (i) GDPR (Regulation 2016/679); (ii) Directive 2002/58/EC; (iii) applicable national implementations thereof; (iv) UK GDPR (as incorporated into UK domestic law by the European Union (Withdrawal) Act 2018); and (v) the Swiss Federal Data Protection Act.
"GDPR" means the General Data Protection Regulation ((EU) 2016/679) and the retained UK version thereof.
"Standard Contractual Clauses" means the standard contractual clauses annexed to the European Commission's Decision (EU) 2021/914 of 4 June 2021, as may be amended, superseded, or replaced.
"UK Addendum" means the International Data Transfer Addendum issued by the UK Information Commissioner under section 119A(1) of the Data Protection Act 2018, as may be amended, superseded, or replaced.
DPA-2. COMPLIANCE
Both parties will comply with all applicable requirements of Data Protection Laws. This DPA is in addition to, and does not relieve, remove, or replace, a party's obligations or rights under Data Protection Laws.
DPA-3. CONTROLLER / PROCESSOR DESIGNATION
The parties have determined that for the purposes of Data Protection Laws, LeadGen AI shall process Customer Personal Data as a Processor on behalf of the Subscriber. The Subscriber may be either a Controller or a Processor with respect to the Customer Personal Data it provides to LeadGen AI.
DPA-4. CONSENTS AND LAWFUL BASIS
Subscriber will ensure that it has all necessary and appropriate consents, notices, and lawful bases in place to enable: (i) the lawful transfer of Customer Personal Data to LeadGen AI; and (ii) the lawful collection and processing of Customer Personal Data using the LeadGen AI Services for the duration and purposes of the Agreement and this DPA. Subscriber shall indemnify LeadGen AI against all loss, damage, and costs (including regulatory fines) arising from a failure to do so.
DPA-5. NATURE, SCOPE, AND PURPOSE OF PROCESSING
The nature, scope, and purpose of LeadGen AI's processing of Customer Personal Data, the duration of processing, the types of Customer Personal Data processed, and the categories of Data Subjects are as set forth in Annex A to this DPA.
DPA-6. SUBSCRIBER INSTRUCTIONS
LeadGen AI shall process Customer Personal Data only on the documented instructions of the Subscriber, unless LeadGen AI is required by any applicable law to otherwise process that Customer Personal Data. This Agreement and DPA shall constitute the Subscriber's documented instructions; the parties may agree to additional instructions in writing. LeadGen AI shall inform the Subscriber if, in LeadGen AI's opinion, any Subscriber instruction would breach Data Protection Laws.
DPA-7. LEADGEN AI OBLIGATIONS
LeadGen AI will:
(a) Implement and maintain appropriate technical and organizational measures to protect Customer Personal Data from Personal Data Breaches, as described in Annex B. LeadGen AI may modify or update its security measures at its discretion provided that such modification does not result in a material degradation of protection.
(b) Ensure that any personnel authorized by LeadGen AI to process Customer Personal Data have committed themselves to confidentiality or are under an appropriate statutory or contractual obligation of confidentiality.
(c) Assist the Subscriber, insofar as reasonably possible and at the Subscriber's cost and written request, in responding to any request from a Data Subject and in ensuring the Subscriber's compliance with its obligations under Data Protection Laws with respect to security, breach notifications, impact assessments, and consultations with supervisory authorities.
(d) Notify the Subscriber without undue delay upon becoming aware of a Personal Data Breach involving Customer Personal Data.
(e) At the written direction of the Subscriber, delete or return Customer Personal Data and copies thereof to the Subscriber upon termination of the Agreement, unless LeadGen AI is required by applicable law to continue to process that Customer Personal Data.
(f) For European Data, assist the Subscriber in ensuring compliance with Articles 32 to 36 of the GDPR; make available all information reasonably necessary to demonstrate compliance with this DPA; allow for and reasonably contribute to audits and inspections; and make available all information reasonably necessary to demonstrate compliance with GDPR Article 28 requirements.
(g) Maintain records to demonstrate its compliance with this DPA.
DPA-8. CCPA — SERVICE PROVIDER DESIGNATION
The parties agree that if the CCPA applies, Subscriber is a "business" and LeadGen AI is a "service provider" as defined under the CCPA. LeadGen AI will not:
Retain, use, or disclose California Personal Information for any purpose other than to perform the Services or as otherwise permitted by the CCPA.
Retain, use, or disclose California Personal Information outside of the direct business relationship between LeadGen AI and Subscriber, unless otherwise permitted by the CCPA.
"Sell" or "share" California Personal Information as those terms are defined in the CCPA, or combine California Personal Information with personal information obtained from sources other than Subscriber, except to the extent necessary to perform the Services.
From time to time, Subscriber may request, and LeadGen AI will provide, reasonable evidence of its compliance with this Section DPA-8.
DPA-9. SUB-PROCESSORS
Subscriber provides its prior, general authorization for LeadGen AI to appoint Sub-Processors to process Customer Personal Data, provided that:
LeadGen AI shall ensure that the terms on which it appoints Sub-Processors comply with Data Protection Laws and are consistent with the obligations imposed on LeadGen AI under this DPA.
LeadGen AI shall remain responsible for the acts and omissions of any Sub-Processor as if they were the acts and omissions of LeadGen AI itself.
LeadGen AI will notify Subscriber at least thirty (30) days prior to adding or replacing any Sub-Processor listed in Annex C, if Subscriber has opted in to receive such notifications by contacting [email protected].
LeadGen AI will include substantially the same data protection obligations as those in this DPA in its agreements with Sub-Processors.
The current list of authorized Sub-Processors is set forth in Annex C to this DPA.
DPA-10. EUROPEAN DATA — TRANSFER MECHANISMS
DPA-10(a) General Restriction. LeadGen AI will not transfer European Data to any country or recipient not recognized as providing an adequate level of protection for Personal Data under applicable European Data Protection Laws, unless it first takes all measures necessary to ensure the transfer complies with applicable European Data Protection Laws, including but not limited to executing Standard Contractual Clauses.
DPA-10(b) Standard Contractual Clauses. Subscriber acknowledges that LeadGen AI is a recipient of European Data in the United States. The parties agree that the Standard Contractual Clauses will be incorporated by reference and form part of this Agreement as follows:
(1) EEA Transfers. In relation to European Data subject to the GDPR: (i) Subscriber is the "data exporter" and LeadGen AI is the "data importer"; (ii) Module Two terms apply to the extent Subscriber is a Controller of European Data, and Module Three terms apply to the extent Subscriber is a Processor; (iii) in Clause 7, the optional docking clause applies; (iv) in Clause 9, Option 2 applies and changes to Sub-Processors will be notified per Section DPA-9; (v) in Clause 11, the optional language is deleted; (vi) in Clauses 17 and 18, governing law and forum for disputes shall be the Republic of Ireland; (vii) the Annexes of the Standard Contractual Clauses shall be deemed completed with the information set out in the Annexes of this DPA; and (viii) in case of conflict between the Standard Contractual Clauses and this DPA, the Standard Contractual Clauses shall prevail.
(2) UK Transfers. In relation to European Data subject to the UK GDPR, the Standard Contractual Clauses shall apply per DPA-10(b)(1) with the following modifications: (i) the Standard Contractual Clauses will be modified and interpreted in accordance with the UK Addendum, which is incorporated by reference; (ii) Tables 1, 2, and 3 of the UK Addendum shall be deemed completed with the information in the Annexes of this DPA, and Table 4 shall be deemed completed by selecting "neither party"; and (iii) conflicts between the Standard Contractual Clauses and the UK Addendum shall be resolved per Sections 10 and 11 of the UK Addendum.
(3) Swiss Transfers. In relation to European Data subject to the Swiss DPA, the Standard Contractual Clauses shall apply per DPA-10(b)(1) with the following modifications: (i) references to "Regulation (EU) 2016/679" shall be interpreted as references to the Swiss DPA; (ii) references to "EU," "Union," and "Member State law" shall be interpreted as references to Swiss law; and (iii) references to the "competent supervisory authority" and "competent courts" shall be replaced with the "Swiss Federal Data Protection and Information Commissioner" and the "relevant courts in Switzerland."
DPA-10(c) Non-Compliance Remedy. If LeadGen AI cannot comply with its obligations under the Standard Contractual Clauses or UK Addendum and Subscriber intends to suspend or terminate the transfer of European Data, Subscriber agrees to provide LeadGen AI with reasonable notice to enable cure of such non-compliance and to cooperate with LeadGen AI to identify additional safeguards. If LeadGen AI cannot cure the non-compliance, Subscriber may suspend or terminate the affected part of the Services without liability to either party (but without prejudice to any fees incurred prior to such suspension or termination).
DPA-11. AMENDMENTS TO DPA
Notwithstanding anything in this Agreement to the contrary, LeadGen AI reserves the right to make updates and changes to this DPA, including to address changes in Data Protection Laws and to revise security provisions, provided that LeadGen AI does not materially reduce the overall security level provided to Customer Personal Data.
ANNEX A — DETAILS OF PROCESSING
A. List of Parties
Data Exporter: Subscriber, as defined in and identified by their LeadGen AI Platform Account. Role: Controller or Processor (as applicable to Subscriber's own activities). Activities: Performance of the Agreement as a Controller or Processor of End User personal data for marketing, CRM, and communications purposes.
Data Importer: LeadGen AI Address: New Jersey, United States Contact: [email protected] Role: Processor Activities: Performance of the Services under the Agreement, including AI receptionist, CRM automation, and marketing communications.
B. Description of Transfer
Categories of Data Subjects: Customers and potential customers (leads and prospects) of the Subscriber.
Categories of Personal Data: Data input and collected as decided by the Subscriber, including name, date of birth, phone number, email address, and social media profiles.
Sensitive Data: The parties do not anticipate the transfer of special categories of sensitive data.
Frequency of Transfer: Variable and continuous during the Agreement term.
Nature and Purpose of Processing: LeadGen AI will provide the Services to the Subscriber. The Subscriber will use the Services to collect and process Personal Data of their customers and potential customers for the purposes of managing and carrying out marketing activities, CRM functions, appointment scheduling, AI-driven communications, and related business operations. Processing will involve collecting, storing, recording, contacting, and managing Personal Data for the purpose of running marketing campaigns, providing AI receptionist services, and managing customer relationships generally.
Retention Period: Personal Data will be retained for the duration of the period in which the Subscriber accesses and uses the LeadGen AI Platform under this Agreement, and thereafter in accordance with applicable Data Protection Laws and LeadGen AI's data retention schedule.
Competent Supervisory Authority: For the purposes of the Standard Contractual Clauses, the supervisory authority that will act as competent supervisory authority will be determined in accordance with the transfer mechanism provisions of Section DPA-10 of this DPA.
ANNEX B — TECHNICAL AND ORGANIZATIONAL SECURITY MEASURES
The following technical and organizational security measures are implemented by LeadGen AI to protect Customer Personal Data:
Security Measure Description Pseudonymisation and Encryption of Personal Data All personal data at rest is encrypted with AES-256 CBC. All personal data in transit is encrypted with TLS v1.2+. Ongoing Confidentiality, Integrity, Availability and Resilience LeadGen AI maintains endpoint protection on its APIs; uptime monitors; access control measures including user-based and subaccount-based authentication; and managed cloud services (AWS, Google Cloud). Ability to Restore Availability and Access Personal data is backed up on AWS and Google Cloud with 5-minute granularity to enable restoration in the event of a physical or technical incident. User Identification and Authorisation Encrypted signed tokens, role-based authorizations, and password protection for all user access. Protection of Data During Transmission SSL certificates and HTTPS protected with TLS v1.2+. Protection of Data During Storage Personal data encrypted at rest with AES-256 CBC on AWS and Google Cloud infrastructure. Physical Security of Processing Locations LeadGen AI uses managed cloud services (AWS and Google Cloud). Physical security protocols are as described in AWS and Google Cloud terms and conditions. Event Logging Logging for all user actions and audit logs. Application and infrastructure monitoring via Google Cloud Operations Suite and AWS CloudWatch. System Configuration Configurations stored in version control. All containers from standardized images hosted by AWS and Google Cloud. Updates, upgrades, and vulnerability patching performed automatically. Internal IT and IT Security Governance Dedicated IT and information security management practices and third-party security vendors. Certification / Assurance LeadGen AI's underlying platform infrastructure (via GoHighLevel) holds a HIPAA Seal of Compliance Certificate issued by The Compliancy Group. Data Minimisation Minimum data requirements enforced. Users can choose not to enter personal data into optional fields. Data Quality Subscribers able to update relevant personal data. Two-factor authentication used. Application monitoring via Google Cloud and custom monitors. Limited Data Retention Data retention configurable by the Subscriber administrator with respect to specific individuals. Accountability LeadGen AI access to personal data restricted based on role-based access control rules. Data Portability and Erasure Subscribers can download their personal data from within the Service. Subscribers can request a copy or deletion of their personal data via LeadGen AI's support process.
ANNEX C — AUTHORIZED SUB-PROCESSORS
Sub-Processor Address Contact Processing Description Processing Location Google LLC / Google Cloud Services 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA [email protected] Data storage and infrastructure support for performance of the Agreement United States Amazon Web Services, Inc. 410 Terry Avenue North, Seattle, WA 98109, USA aws.amazon.com/contact-us Data storage and infrastructure support for performance of the Agreement United States HighLevel Inc. (GoHighLevel) 400 N. Saint Paul St. Suite 920, Dallas, TX 75202, USA www.gohighlevel.com CRM, automation, and communications platform infrastructure underlying the Services United States
LeadGen AI will notify Subscriber at least thirty (30) days before adding or replacing any Sub-Processor listed above, for Subscribers who have opted in to such notifications. Subscribers may opt in by contacting [email protected].
© 2026 LeadGen AI. All Rights Reserved. Confidential & Proprietary.
This document was prepared for informational purposes. Please consult qualified legal counsel before relying on this Agreement in any legal proceeding.