Data Processing Agreement
Last updated: January 2026
Roles
For data you connect to pleom, you act as the data controller and pleom acts as the data processor. We process personal data only on your documented instructions.
Scope of processing
pleom processes the categories of data you connect for the purpose of generating analysis and insights within the service. We do not process it for any other purpose.
Sub-processors
We use a limited set of vetted sub-processors for infrastructure and delivery. A current list is available on request, and we provide notice before adding new ones.
Security measures
We maintain encryption in transit and at rest, least-privilege access controls, and audit logging, consistent with SOC 2 Type II and GDPR requirements.
International transfers
Where personal data is transferred across regions, we rely on Standard Contractual Clauses and appropriate safeguards.
Requesting the signed DPA
To execute a countersigned DPA, contact legal@pleom.co.