Claim your FREE name.lapsite.app now.

Get Started
Lapsite
Legal

Data Processing Addendum

This DPA applies when customer organizations use Lapsite to process personal data and supplements our Terms of Service.

Last updated: April 13, 2026

Legal Framework

Controller-processor agreement

Data Security

Protection commitments

Data Subject Rights

Individual rights respected

Data Return & Deletion

End-of-service obligations

1. Scope and Precedence

This DPA applies to personal data processed by Lapsite on behalf of a customer in connection with the services.

If there is a conflict between this DPA and the Terms regarding personal data processing, this DPA controls for that subject matter.

This page is a standard contractual transparency summary and is not legal advice.

2. Roles of the Parties

Customer is the controller (or business) for personal data submitted to the platform for its own sites, inventory, and leads.

Lapsite acts as processor (or service provider/contractor) for that customer data and processes it only under documented instructions, except where required by law.

For Lapsite account, billing, fraud prevention, and platform security operations, Lapsite may act as an independent controller as described in our Privacy Policy.

3. Processing Details
  • Subject matter: Website hosting, content management, media storage, analytics features, and support operations.
  • Duration: For the term of service use, plus limited retention periods required for backups, security, and legal obligations.
  • Nature: Collection, storage, retrieval, organization, transmission, and deletion.
  • Data categories: Account identifiers, website content, inventory metadata, lead/contact submissions, and technical telemetry.
  • Data subjects: Customer staff, site visitors, leads, and end users interacting with customer websites.
4. Subprocessors and International Transfers

Customer authorizes Lapsite to use subprocessors to provide the service. Current subprocessors are listed on our Subprocessors page.

International transfer safeguards are documented in applicable service agreements and our privacy documentation.

5. Security and Incident Handling
  • Encryption in transit for service traffic.
  • Access controls, least-privilege practices, and environment separation.
  • Row-level security controls for customer data isolation where applicable.
  • Security monitoring, abuse protections, and incident response procedures.
  • Breach notifications without undue delay where legally required.
6. Data Subject Requests and Assistance

Lapsite provides customer-facing controls and support workflows to access, correct, and delete data where available.

If Lapsite receives a data subject request directly that relates to customer-controlled data, Lapsite may redirect the request to the relevant customer where appropriate.

7. Deletion and Return

Upon account termination or valid customer instruction, Lapsite will delete or return customer personal data as described in service controls and policy documentation, except where retention is required by law.

Limited encrypted backup copies and security logs may persist for a short retention window before automatic purge.

8. Contact and Notices

For DPA requests, enterprise review, or signed contractual copies, contact legal@lapsite.com.

Registered Office: LAPSITE LTD, 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom.

Related documents: Terms of Service, Privacy Policy, and Subprocessors.

Related Policies

Privacy Policy

Learn about how we collect, use, and protect your personal data

Terms of Service

Read our terms and conditions for using Lapsite

Cookie Policy

Learn about how we use cookies and similar tracking technologies

Refund Policy

Learn about our 14-day money-back guarantee and refund process

Subprocessors

See the current third-party subprocessors used to provide the service