Data Processing Summary

This page summarizes how LegalKit approaches controller/processor roles and commercial data-processing requests.

Last updated: March 9, 2026

Roles

For customer-submitted website, account, hosted policy, and consent-log data, the customer is generally the controller or business and LegalKit acts as a processor or service provider for the requested functionality.

Transfers and locations

Data location depends on the configured infrastructure and enabled vendors. Core platform services may process data in the United States or other regions supported by the selected provider. Signed DPA terms and transfer language are handled through commercial review.

Retention and deletion

LegalKit aims to keep personal data only as long as required to operate the service, maintain audit trails, satisfy billing or legal obligations, and honor customer instructions. Deletion/export requests should be sent to [email protected].

Signed DPA requests

This page is a summary, not an executed contract. To request a signed Data Processing Addendum, email [email protected] with your company name, workspace, and required paper.