Data Processing Agreement
Last updated: January 14, 2026
1. Introduction
This Data Processing Agreement ("DPA") forms part of the Terms of Service between leapersecurity ("Adflow" or "Processor") and the user ("Customer" or "Controller") of the Adflow platform. This DPA reflects the parties' agreement with regard to the Processing of Personal Data under the General Data Protection Regulation ("GDPR").
2. Relationship
- Controller: Customer is the Data Controller who determines the purpose and means of Processing Personal Data.
- Processor: Adflow is the Data Processor who processes Personal Data only on behalf of the Controller and according to their instructions.
3. Scope of Processing
Adflow processes data provided by the Customer or retrieved from connected ad accounts (Meta, Google) for the purpose of:
- Advertising campaign management and optimization
- Performance reporting and AI-powered insights
- Conversion tracking and attribution syncing
4. Sub-processors
Adflow uses the following trusted sub-processors to provide the Service:
| Sub-processor | Purpose | Location |
|---|---|---|
| Vercel / AWS | Cloud Hosting & Infrastructure | United States |
| OpenAI | AI Analysis (Anonymized Metrics) | United States |
| Meta / Facebook | Marketing API Integration | Worldwide |
| Google | Ads API Integration | Worldwide |
5. Security Measures
Processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including encryption of data in transit (TLS) and at rest, secure access controls, and regular security audits.
6. Data Subject Rights
Processor shall assist the Controller by appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of the Controller's obligation to respond to requests for exercising the Data Subject's rights (e.g., access, rectification, deletion).