Data Processing Addendum

The business customer is the controller for personal data collected from its own customers, prospects, and website visitors. LuxLeads AI acts as processor for that data when providing chatbot, lead capture, notification, and dashboard services.

We process personal data only to provide, secure, support, and improve LuxLeads AI, or as otherwise instructed by the business customer through the dashboard, connected integrations, or written support requests.

Processing may include:

• — Names, email addresses, phone numbers, and enquiry details shared in chat
• — Facebook Page, Instagram, website chat, and conversation identifiers
• — Business configuration, booking links, service areas, and operating hours
• — Message content needed to generate replies, qualify enquiries, and route leads

We use reasonable technical and organisational measures to protect personal data, including HTTPS in transit, restricted production access, token handling controls, and least-privilege access where practical.

We may use subprocessors to operate the service, including hosting providers, AI API providers, email providers, payment processors, Meta, WhatsApp, and connected booking tools. We remain responsible for subprocessors we appoint to process customer data on our behalf.

Some subprocessors may process data outside the UK. Where required, transfers are protected by appropriate safeguards such as standard contractual clauses, UK addenda, or equivalent lawful transfer mechanisms.

We will reasonably assist business customers with data subject requests, security requests, and deletion requests relating to data processed through LuxLeads AI. Following account termination, customer-controlled chat and lead data is retained for up to 90 days unless earlier deletion is requested or a longer period is legally required.

If we become aware of a personal data breach affecting customer-controlled data, we will notify the affected business customer without undue delay and provide information reasonably available to help them meet their own legal obligations.

Questions about this addendum can be sent to [email protected].