This page points to Productlane's legal and security documents and explains how to handle data requests. Use it when a customer or your own security team runs a vendor review.
Data Processing Agreement (DPA): productlane.com/legal/dpa. Covers controller and processor roles, the data we process, security measures, and the EU Standard Contractual Clauses with the UK addendum.
Privacy Policy: productlane.com/legal/privacy.
Terms of Service: productlane.com/legal/terms.
Vulnerability disclosure: productlane.com/legal/vulnerability-disclosure. Report a security issue here under the safe-harbor terms.
The full list of authorized subprocessors, with each one's purpose and location, is in Exhibit B of the DPA. We notify customers before a subprocessor is added or changed, per the DPA.
Credentials are encrypted at rest: integration tokens and other secrets are stored with AES-256-GCM encryption.
AI sources: AI features use OpenAI and Anthropic under zero-retention agreements. See the Privacy Policy for detail.
A single customer's data (GDPR erasure): open the contact, then use the ⋯ menu and choose Delete. The contact is removed and their messages are dissociated from them.
Your whole account and workspace: email [email protected] from the address on the account. Per the DPA, customer personal data is deleted within 30 days of termination.
For a vendor security questionnaire, start with the DPA (security measures are in Exhibit C) and the vulnerability disclosure page. If your review needs anything not covered there, email [email protected].
