Patent pending

LegisGate™ is a proprietary compliance intelligence engine — deterministic regulatory rules with AI-assisted analysis layered on top. Not a chatbot. AI Tool Intelligence Reports your Data Protection Team can act on at the click of a button.

Data Processing Agreement

For enterprise customers processing personal data subject to GDPR, UK GDPR, Swiss revFADP, or other applicable data protection laws.

LegisGate Inc. · Last updated: March 2026 · Patent pending

About our DPA

LegisGate offers a Data Processing Agreement (DPA) for enterprise customers that governs the processing of personal data by LegisGate on behalf of your organization as part of the platform service.

Our DPA is compliant with GDPR Article 28 requirements and includes:

  • Processing instructions and permitted purposes
  • Confidentiality obligations
  • Technical and organizational security measures
  • Sub-processor disclosure and approval mechanism
  • Data subject rights assistance obligations
  • Breach notification timelines — 24 hours to enable your 72-hour GDPR notification
  • Audit rights
  • Data return and deletion on termination
  • EU Standard Contractual Clauses (2021) for EU-US transfers
  • UK IDTA or UK Addendum for UK-US transfers
  • Swiss SCCs for Swiss-US transfers

Request a DPA

To request our standard DPA or discuss enterprise data processing terms contact us at:

legal@legisgate.com

Subject: Data Processing Agreement Request

We will respond within 2 business days with our standard DPA for your legal team's review. Enterprise customers with specific requirements are welcome to propose amendments — our standard DPA is our starting point, not our final position.

Sub-processors

LegisGate uses the following sub-processors in the delivery of the platform service. All sub-processors are bound by data processing agreements meeting applicable legal requirements.

ProcessorPurposeLocationSafeguard
Anthropic, Inc.AI-assisted analysis within the compliance intelligence engineUnited StatesStandard Contractual Clauses
Supabase, Inc.Database infrastructure and authenticationUnited StatesStandard Contractual Clauses
Vercel, Inc.Platform hosting and edge computingUnited StatesStandard Contractual Clauses
Resend, Inc.Transactional email deliveryUnited StatesStandard Contractual Clauses
Microsoft CorporationProductivity and communicationUnited StatesStandard Contractual Clauses

We will provide 30 days notice of any new sub-processor that materially affects the processing of your personal data, giving you the opportunity to object before the change takes effect.

Additional trust documentation: Trust & Security — Sub-processors

Security measures

LegisGate implements the following technical and organizational measures to protect personal data processed through the platform:

  • Encryption in transit (TLS 1.2 minimum)
  • Encryption at rest (AES-256)
  • Role-based access controls
  • Multi-factor authentication for platform access
  • Audit logging of data access events
  • Automated security monitoring
  • Regular security assessments
  • Employee security training
  • Incident response procedures

Security overview

Ready to execute a DPA? Contact our team and we will have our standard agreement to you within 2 business days.

Request a DPA

← Back to home