01Roles of the parties
Customer is the Controller of personal data processed via LawyerDesk. LawyerDesk acts as Processor, and our sub-processors act as sub-processors.
02Scope and purpose
LawyerDesk processes personal data only to provide the service, to comply with documented customer instructions, and as required by law. We do not process personal data for our own purposes.
03Security measures
We maintain technical and organizational measures appropriate to the risk, including encryption in transit and at rest, access controls, pseudonymization where practical, regular security testing, and business continuity planning. See our Security page for detail.
04Sub-processors
We use a limited, vetted list of sub-processors for infrastructure, observability, and support. The current list is at /legal/subprocessors. We notify customers of material changes and offer a reasonable objection window.
05International transfers
Cross-border transfers rely on Standard Contractual Clauses, UK IDTA, or equivalent safeguards. Customers may specify primary data residency at provisioning.
06Assistance and audits
We assist Customer in responding to data subject requests and, where feasible, in meeting obligations under articles 32-36 GDPR. Customers may audit our compliance annually, subject to confidentiality and reasonable notice.
Questions about this document?
Our legal team responds within two business days. Enterprise customers can reach their dedicated counsel through the support portal.