Ledgenter Data Processing Addendum

Last updated: June 18, 2026

Effective date: June 18, 2026

This Data Processing Addendum ("DPA") is incorporated into and forms part of the Ledgenter Terms of Service (the "Agreement," available at ledgenter.com/terms) and takes effect on the date Customer accepts the Agreement — including by clicking to accept or by using the Service — on or after the effective date above. By accepting the Agreement or using the Service, Customer accepts this DPA. A countersigned (signable) copy of this DPA is available to Team and enterprise customers on request to [email protected].

This DPA is entered into between Apex Business Holdings LLC, a United States limited liability company, doing business as Sentravision ("Sentravision," "we," "us," or "our"), and the customer that has accepted the Agreement ("Customer," "you," or "your"). Sentravision and Customer are each a "party" and together the "parties."

This DPA governs the Processing of Customer Personal Data by Sentravision in connection with the Ledgenter service (the "Service"). Capitalized terms not defined in this DPA have the meaning given in the Agreement. This DPA is published at ledgenter.com/dpa; the Ledgenter Privacy Policy is available at ledgenter.com/privacy.

1. Definitions

For the purposes of this DPA:

1.1 "Customer Content" means the data, text, files, and other materials that Customer, and Customer's authorized human users and AI agents, submit to or generate within the Service, including projects, tasks, task dependencies, decisions, knowledge notes, handoffs, comments, attachments, skills, code references, repositories, activity records, feature requests, and the vector embeddings derived from your knowledge and decision text.

1.2 "Customer Personal Data" means any Personal Data contained within Customer Content that Sentravision Processes on behalf of Customer under the Agreement. Customer Personal Data does not include account, billing, or product-analytics data for which Sentravision determines the purposes and means of Processing; that data is addressed in Section 2.3 and the Ledgenter Privacy Policy.

1.3 "Data Protection Laws" means all data protection and privacy laws and regulations applicable to the Processing of Customer Personal Data under the Agreement, which may include, to the extent applicable: the EU General Data Protection Regulation 2016/679 ("GDPR"); the UK GDPR and the Data Protection Act 2018 ("UK GDPR"); the Swiss Federal Act on Data Protection; the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA"); and other applicable U.S. state privacy laws.

1.4 "Controller," "Processor," "Data Subject," "Personal Data," "Processing," and "Supervisory Authority" (and equivalent terms such as "business," "service provider," and "consumer" under U.S. state laws) have the meanings given in the applicable Data Protection Laws.

1.5 "Security Incident" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Personal Data Processed by Sentravision or its Subprocessors. A Security Incident does not include unsuccessful attempts or activities that do not compromise the security of Customer Personal Data (such as pings, port scans, denied login attempts, or denial-of-service attacks).

1.6 "Standard Contractual Clauses" ("SCCs") means (a) the standard contractual clauses for the transfer of personal data to third countries adopted by the European Commission in Decision 2021/914, and (b) the UK International Data Transfer Addendum to the EU SCCs issued by the UK Information Commissioner, each as applicable and as amended or replaced from time to time.

1.7 "Subprocessor" means any third party engaged by Sentravision to Process Customer Personal Data on Sentravision's behalf in order to provide the Service.

2. Roles of the Parties and Scope

2.1 Roles for Customer Personal Data. With respect to Customer Personal Data, the parties acknowledge and agree that Customer is the Controller (or, where Customer is itself acting as a processor for a third party, a processor) and Apex Business Holdings LLC (d/b/a Sentravision) is the Processor (or subprocessor) of Customer Content. Sentravision Processes Customer Personal Data only on behalf of, and in accordance with the instructions of, Customer as set out in Section 3.

2.2 Scope. This DPA applies only to the Processing of Customer Personal Data. The subject matter, duration, nature, and purpose of the Processing, the types of Personal Data, and the categories of Data Subjects are described in Annex A.

2.3 Data for which Sentravision is Controller. Sentravision is an independent Controller of account and identity data (such as the email address and authentication identifiers of human users), workspace and membership records, billing identifiers and subscription state, security and audit telemetry, and product-usage analytics. Sentravision Processes that data for its own account-administration, billing, security, abuse-prevention, and product-improvement purposes. Such Processing is governed by the Ledgenter Privacy Policy and is outside the scope of this DPA.

2.4 Hosted, multi-tenant service. Ledgenter is a multi-tenant service that is technically architected to keep each customer's workspace data logically isolated from every other customer's data through the ordinary application paths (see Section 6 and Annex B). Through the ordinary operation of the Service, Sentravision does not commingle one customer's Customer Content with another's.

2.5 Activity and audit records (dual purpose). The Service maintains activity and audit records of actions taken within a workspace (such as actor, action, object, status, and timestamp). These records are dual-purpose: within a workspace they form part of Customer Content, for which Sentravision acts as Processor under this DPA; and Sentravision also Processes the same records as an independent Controller for security, audit, abuse-prevention, and billing purposes, as described in Section 2.3 and the Ledgenter Privacy Policy.

3. Processing on Documented Instructions

3.1 Documented instructions. Sentravision will Process Customer Personal Data only on Customer's documented instructions, including with respect to international transfers, unless required to do otherwise by applicable law to which Sentravision is subject. Customer's instructions are comprised of: (a) the Agreement and this DPA; (b) Customer's configuration and use of the Service (including the actions of Customer's authorized human users and AI agents through the web console, MCP server, and CLI); and (c) any other written instructions agreed by the parties.

3.2 Lawfulness of instructions. Customer is responsible for ensuring that its instructions, and its Processing of Customer Personal Data, comply with Data Protection Laws. Sentravision will inform Customer if, in its reasonable opinion, an instruction infringes Data Protection Laws, except where prohibited from doing so by law. Sentravision is not responsible for determining whether Customer's instructions comply with applicable law.

3.3 Customer responsibilities. Customer represents and warrants that it has provided all required notices and obtained all rights, consents, and lawful bases necessary to submit Customer Personal Data to the Service and to authorize Sentravision's Processing of it as described in this DPA. Customer is solely responsible for the accuracy, quality, and legality of Customer Content, the means by which it acquired Customer Personal Data, and the security of its API keys and the conduct of its human users and AI agents.

4. Confidentiality

4.1 Sentravision will treat Customer Personal Data as confidential and will ensure that persons authorized to Process Customer Personal Data (including personnel and, where applicable, automated operational agents acting under Sentravision's control) are subject to appropriate obligations of confidentiality, whether contractual or statutory.

4.2 Sentravision will limit access to Customer Personal Data to those personnel and processes that need access to provide, secure, support, or maintain the Service.

5. Security Measures

5.1 Technical and organizational measures. Taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of Processing, as well as the risk to Data Subjects, Sentravision will implement and maintain appropriate technical and organizational measures designed to protect Customer Personal Data against a Security Incident. A description of the measures in effect as of the effective date is set out in Annex B.

5.2 Encryption. Customer Personal Data is encrypted in transit using TLS and is encrypted at rest by the managed-infrastructure providers that operate the Service, including in backups. Sentravision does not claim any specific cipher, standard, or certification for this encryption.

5.3 No reduction. Sentravision may update or modify the measures in Annex B from time to time, provided that such updates do not materially reduce the overall level of protection for Customer Personal Data during the term of the Agreement.

5.4 No certifications or guarantees. Customer acknowledges that Sentravision makes no representation that it holds any specific security certification or attestation (such as SOC 2, ISO 27001, HIPAA, or PCI-DSS as a merchant), and the security measures are provided on the "as is" and "as available" basis set out in the Agreement. No service-level, availability, backup, recovery-point, recovery-time, or disaster-recovery commitment is made under this DPA or the Agreement.

6. Tenant Isolation and Access Controls

6.1 Customer Content is stored in a database that enforces tenant isolation at the row level. Every workspace-scoped record is bound to a tenant identifier and protected by database row-level security policies, so that data belonging to one workspace is not accessible to another through the ordinary application paths.

6.2 Writes to Customer Content occur only through controlled, access-checked database procedures; direct write access to underlying tables is not granted to the application's authenticated role. AI agents authenticate using per-actor API keys, which are stored only as cryptographic (SHA-256) hashes, and which are exchanged for short-lived, workspace-scoped credentials. Agent processes never hold a database role or privileged service credential.

6.3 Customer acknowledges that revocation of an API key takes effect for new credential exchanges immediately, but a credential already issued may remain valid for up to its short remaining lifetime (currently up to fifteen (15) minutes) before it expires. This propagation behavior is disclosed honestly and is a function of the short-lived credential model.

7. Subprocessors

7.1 General written authorization. Customer provides Sentravision with a general written authorization to engage Subprocessors to Process Customer Personal Data in order to provide and operate the Service. Such Subprocessors perform functions that, by category, include hosting (managed database, infrastructure, and application hosting), payment processing, transactional email, product analytics, AI and embedding services, and content delivery and DNS. Customer acknowledges that providing the Service necessarily involves these categories of Subprocessing.

7.2 AI/embedding and AI-assisted operations. Customer acknowledges and authorizes that: (a) knowledge-note and decision text may be transmitted to a third-party AI/embedding provider to generate the vector embeddings that power semantic search within Customer's own workspace; (b) the Service is operated with substantial automation and artificial intelligence, and the Service's AI agent features Process Customer Content in order to provide the Service; and (c) customer support and operational functions (including support handled through [email protected]) may be AI-assisted and may therefore be Processed by a third-party AI model provider acting as a Subprocessor. Sentravision discloses these AI providers by category only, in accordance with Section 7.3.

7.3 No model training on Customer Content. Sentravision does not use Customer Content to train, fine-tune, or improve any machine-learning or artificial-intelligence models. Where Customer Content is transmitted to a third-party AI or embedding provider in order to provide the Service, Sentravision engages those providers under terms that do not permit the provider to train its models on data submitted through their APIs.

7.4 List available on request; no published list. Sentravision maintains a current list of the Subprocessors it engages to Process Customer Personal Data, identified by category/function. Sentravision does not publish an enumerated list of Subprocessor names. Customer may obtain the current list, including the names and processing roles of Subprocessors, by submitting a written request to [email protected]. User-selected single-sign-on providers that a human user chooses to authenticate with (such as Google or GitHub) are upstream identity providers selected by the user, not Subprocessors of Customer Content, and are addressed in the Ledgenter Privacy Policy.

7.5 Subprocessor obligations. Sentravision will impose on each Subprocessor data-protection obligations that are substantially similar to those set out in this DPA, to the extent applicable to the nature of the Subprocessor's services. Sentravision remains responsible to Customer for the performance of each Subprocessor's obligations.

7.6 Notice of changes and right to object. Sentravision will give Customer at least thirty (30) days' advance notice of any intended addition or replacement of a Subprocessor that Processes Customer Personal Data before that Subprocessor begins Processing Customer Personal Data, by email to Customer's registered contact and/or by making updated information available on request. If Customer reasonably objects to a new Subprocessor on data-protection grounds within thirty (30) days of notice, the parties will work together in good faith to address the objection. If the objection cannot be reasonably resolved, Customer's sole remedy is to terminate the affected portion of the Service in accordance with the Agreement.

8. Assistance with Data Subject Requests

8.1 Self-service tools. The Service provides Customer with functionality to access, correct, export, and delete Customer Content directly, including: editing and removing records through the console, MCP server, and CLI; a self-service export function that returns the workspace's user-facing data as a single structured (JSON) document; and a self-service workspace-deletion function. Customer may use these tools as its primary means of responding to requests from Data Subjects to exercise their rights (such as access, rectification, erasure, restriction, portability, and objection).

8.2 Additional assistance. Taking into account the nature of the Processing, Sentravision will provide reasonable assistance to Customer, through appropriate technical and organizational measures and insofar as commercially reasonable, to enable Customer to respond to requests from Data Subjects under Data Protection Laws to the extent Customer cannot do so through the self-service tools.

8.3 Requests received directly. If Sentravision receives a request from a Data Subject relating to Customer Personal Data, Sentravision will, to the extent legally permitted, promptly notify Customer and direct the Data Subject to Customer. Sentravision will not respond to such a request itself except on Customer's documented instructions or as required by applicable law.

9. Security Incident Notification

9.1 Sentravision will notify Customer without undue delay, and where feasible within seventy-two (72) hours, after becoming aware of a Security Incident affecting Customer Personal Data.

9.2 The notification will describe, to the extent then known and as it becomes available: the nature of the Security Incident, the categories and approximate volume of Customer Personal Data and Data Subjects affected, the likely consequences, and the measures taken or proposed to address it. Sentravision will provide such further information as it reasonably obtains.

9.3 Sentravision will take reasonable steps to mitigate and remediate the Security Incident and will provide reasonable cooperation to assist Customer in meeting Customer's own breach-notification obligations under Data Protection Laws. Sentravision's notification of, or response to, a Security Incident is not an acknowledgment of fault or liability.

10. Return and Deletion of Customer Personal Data

10.1 During the term. Customer may export Customer Content at any time using the self-service export function and may delete Customer Content, including by deleting its workspace, at any time using the self-service deletion function. Workspace deletion requires owner-level authorization and an explicit confirmation step and operates only on the requesting workspace.

10.2 On termination. Following expiry or termination of the Agreement, and subject to Customer first retrieving any Customer Content it wishes to retain, Sentravision will delete or, at Customer's election, return Customer Personal Data and remove it from the live production environment within thirty (30) days, unless retention is required by applicable law. Customer is responsible for exporting its own Customer Content prior to termination.

10.3 Backups. Customer acknowledges that, following deletion from the live production environment, residual copies of Customer Personal Data may persist in routine encrypted backups and are purged within thirty (30) days thereafter on the normal backup cycle, after which they are overwritten or deleted. Backup copies remain subject to the confidentiality and security obligations of this DPA until deleted.

11. International Transfers

11.1 Processing location. Customer Personal Data is stored and Processed in the United States. Customer acknowledges and instructs that Customer Personal Data may be transferred to and Processed in the United States by Sentravision and its Subprocessors. Customer is responsible for its own compliance with applicable law if it chooses to submit data that is subject to the laws of a jurisdiction outside the United States.

11.2 Transfer mechanism. Where Customer's use of the Service involves a transfer of Customer Personal Data from the European Economic Area, the United Kingdom, or Switzerland to a country that has not received an adequacy decision, the Standard Contractual Clauses are incorporated into this DPA by reference and apply to that transfer. For such transfers: (a) Customer (and any relevant data exporter) is the data exporter and Sentravision is the data importer; (b) the EU SCCs apply as follows — Module Two (controller-to-processor) where Customer is a controller, and Module Three (processor-to-processor) where Customer is itself acting as a processor — completed by Annex A (subject matter and details of processing) and Annex B (technical and organizational measures); (c) for transfers subject to the UK GDPR, the UK International Data Transfer Addendum applies; and (d) in the event of any conflict between the SCCs and this DPA, the SCCs prevail.

12. Audit and Demonstration of Compliance

12.1 Sentravision will make available to Customer, on written request to [email protected], information reasonably necessary to demonstrate compliance with this DPA, including responses to a reasonable security questionnaire and relevant documentation.

12.2 To the extent Data Protection Laws require Customer to have audit rights that cannot be satisfied through the information described in Section 12.1, Customer may request an on-site audit no more than once in any twelve (12) month period (and additionally where required by a Supervisory Authority). Any such audit will be conducted: on at least thirty (30) days' prior written notice; during normal business hours; in a manner that does not disrupt Sentravision's operations or compromise the security or confidentiality of other customers' data; subject to confidentiality obligations; and at Customer's expense.

13. U.S. State Privacy Laws (Service Provider / Processor Terms)

13.1 To the extent the CCPA or another applicable U.S. state privacy law applies to Customer Personal Data, the parties agree that Sentravision acts as a "service provider," "processor," or equivalent, and Processes Customer Personal Data solely on Customer's behalf for the limited and specified business purpose of providing the Service under the Agreement.

13.2 Sentravision will not: (a) "sell" or "share" Customer Personal Data (as those terms are defined under applicable U.S. state privacy law); (b) retain, use, or disclose Customer Personal Data for any purpose other than the business purposes specified in the Agreement, or outside the direct business relationship between the parties; or (c) combine Customer Personal Data with personal information it receives from, or on behalf of, another party, or collects from its own interactions, except as permitted by applicable U.S. state privacy law. Sentravision certifies that it understands and will comply with these restrictions.

14. Liability

14.1 The liability of each party under this DPA is subject to, and counts toward, the limitations and exclusions of liability set out in the Agreement; any reference to a party's liability means that party's aggregate liability under the Agreement and this DPA together. Subject to Section 14.2: (a) each party's total aggregate liability arising out of or related to the Agreement and this DPA will not exceed the greater of (i) the fees paid by Customer in the twelve (12) months before the event giving rise to the claim, or (ii) US$100; and (b) neither party will be liable for indirect, incidental, consequential, special, or punitive damages, or for lost profits or lost data.

14.2 The cap and exclusions in Section 14.1 do not apply to: a party's indemnification obligations; a breach of confidentiality obligations; infringement of the other party's intellectual-property rights; or any liability that cannot be limited or excluded under applicable law.

15. Term, Order of Precedence, and General

15.1 Term. This DPA takes effect on the effective date stated above and remains in force for as long as Sentravision Processes Customer Personal Data under the Agreement.

15.2 Order of precedence. In the event of a conflict between this DPA and the Agreement with respect to the Processing of Customer Personal Data, this DPA prevails. In the event of a conflict between this DPA and the SCCs, the SCCs prevail.

15.3 Changes to this DPA. Sentravision may update this DPA from time to time to reflect changes in the Service, its operations, or applicable law, provided that no such update will materially diminish Customer's protections under this DPA. Material changes will be communicated as set out in the Agreement.

15.4 Governing law. This DPA is governed by and construed in accordance with the laws of the State of Minnesota, United States, without regard to its conflict-of-laws principles, except (a) to the extent the SCCs specify a different governing law for transfers to which they apply, and (b) to the extent mandatory provisions of applicable Data Protection Laws require otherwise.

15.5 Dispute resolution; arbitration; class-action and jury-trial waivers. (a) Binding individual arbitration. Except as set out in subsection (c), any dispute, claim, or controversy arising out of or relating to this DPA, the Agreement, or the Service will be resolved by binding individual arbitration administered by the American Arbitration Association ("AAA") under its Commercial Arbitration Rules, seated in Minnesota. Judgment on the award may be entered in any court of competent jurisdiction. (b) Class-action and jury-trial waivers. Disputes will be arbitrated only on an individual basis. The parties waive any right to bring or participate in a class, collective, consolidated, or representative action, and each party waives any right to a jury trial. (c) Carve-outs. Either party may (i) bring an individual claim in small-claims court if it qualifies, and (ii) seek injunctive or other equitable relief in a court of competent jurisdiction to protect its intellectual-property rights or to address an actual or threatened breach of confidentiality obligations. (d) 30-day opt-out. Customer may opt out of this arbitration agreement (including the class-action and jury-trial waivers) by emailing [email protected] within thirty (30) days of first accepting the Agreement. Opting out does not affect any other provision of this DPA or the Agreement. (e) Venue for non-arbitrable matters. For any matter not subject to arbitration, the parties submit to the exclusive jurisdiction and venue of the state courts of Hennepin County, Minnesota and the United States District Court for the District of Minnesota, except as provided in Sections 11.2 and 15.4.

15.6 Survival. The provisions of this DPA that by their nature should survive termination or expiry — including Sections 4 (Confidentiality), 10 (Return and Deletion of Customer Personal Data), 13 (U.S. State Privacy Laws), 14 (Liability), and 15 (Term, Order of Precedence, and General), and any other provision that by its nature should survive — will survive.

15.7 Intellectual property and DMCA notices. Notices of alleged intellectual-property infringement, including notices under the U.S. Digital Millennium Copyright Act, may be sent to Sentravision's designated contact at [email protected].

15.8 Contact. All notices and requests under this DPA may be sent to [email protected], which is Sentravision's designated contact for legal, privacy, support, and data-subject and CCPA matters. A postal mailing address is available on request.

Annex A — Details of Processing

Data exporter / Controller: Customer (the entity that has accepted the Ledgenter Terms of Service).

Data importer / Processor: Apex Business Holdings LLC, a United States limited liability company, d/b/a Sentravision.

Subject matter of the Processing: Sentravision's provision of the Ledgenter agent-native, multi-tenant work-management service to Customer, including coordination of work between Customer's human users and AI agents.

Duration of the Processing: For the term of the Agreement, plus the limited post-termination deletion and backup-expiry periods described in Section 10.

Nature and purpose of the Processing: Hosting, storing, organizing, structuring, retrieving, transmitting, indexing (including generating vector embeddings for semantic search), securing, backing up, and deleting Customer Content, in order to provide, maintain, support, and secure the Service in accordance with Customer's instructions.

Categories of Data Subjects (as determined by the content Customer chooses to submit): Customer's authorized human users (such as administrators and team members) and the individuals identified within AI agent or service-principal records; and any individuals whose Personal Data Customer or its users or agents choose to include within Customer Content (for example, individuals referenced in projects, tasks, decisions, knowledge notes, comments, or attachments).

Types of Personal Data (as determined by the content Customer chooses to submit):

• Identity and contact data of human users (such as name, email address, and authentication identifiers);
• Account and membership data (workspace membership, role, actor display names);
• Any Personal Data that Customer's users or agents include within free-text Customer Content (projects, tasks, task dependencies, decisions, knowledge notes, handoffs, comments, attachments, skills, code references, repositories, activity records, and feature requests) and within vector embeddings derived from your knowledge and decision text.

Special categories of data: The Service is not intended for the Processing of special categories of Personal Data (as defined under GDPR Article 9) or other sensitive data. Customer should not submit such data to the Service; if Customer chooses to do so within free-text Customer Content, Customer does so on its own responsibility and is responsible for any additional safeguards required by law.

Frequency of the transfer: Continuous, for the duration of the Agreement.

Competent Supervisory Authority (where the EU SCCs apply): The competent supervisory authority is determined in accordance with the SCCs by reference to the data exporter's place of establishment in the EEA or, where the data exporter is not established in the EEA, the supervisory authority of the EEA member state in which the relevant Data Subjects are located.

Annex B — Technical and Organizational Security Measures

As of the effective date, Sentravision maintains the following measures, which may be updated in accordance with Section 5.3:

1. Tenant isolation. Multi-tenant data is isolated at the database level using row-level security policies. Every workspace-scoped record is bound to a tenant identifier, and access policies prevent data from one workspace being accessible to another through the ordinary application paths. Isolation is exercised by an automated cross-tenant test suite as part of the development process.

2. Access controls and least privilege. Writes to Customer Content occur only through controlled, access-checked database procedures; direct write access to underlying tables is not granted to the application's authenticated role. AI agents authenticate with per-actor API keys that are exchanged for short-lived, workspace-scoped credentials. Agent processes do not hold database roles or privileged service credentials.

3. Credential protection. API keys are stored only as cryptographic (SHA-256) hashes; raw keys are displayed to the user only once, at creation, and are not retained by Sentravision in recoverable form. Privileged service credentials and signing secrets are held only within server-side functions and are not exposed to client or agent environments.

4. Encryption in transit. Traffic between clients (console, MCP server, CLI) and the Service is transmitted over encrypted connections (TLS/HTTPS).

5. Encryption at rest. Customer Content is encrypted at rest by the managed-infrastructure providers that operate the Service, including in backups. Sentravision does not claim any specific cipher, standard, or certification for this encryption.

6. Rate limiting and abuse prevention. Authentication and credential-exchange endpoints are rate-limited (per source, per credential, and globally) and fail closed on authentication errors. Per-workspace limits bound the number of actors and API keys to deter abuse.

7. Auditability. The Service maintains an activity log of actions taken within a workspace (actor, action, object, timestamp, and status) and a record of automated tool calls, supporting audit, debugging, and abuse detection. Activity records are retained on a per-plan schedule and then automatically purged.

8. Backups. Customer Content is backed up to support recovery; backups are encrypted and expire on a defined retention cycle (see Section 10.3).

9. Credential revocation. API keys can be revoked at any time. Revocation prevents new credential exchanges immediately; an already-issued short-lived credential may remain valid for up to its remaining lifetime (currently up to fifteen minutes) before expiring.

10. Data export and deletion. The Service provides self-service export of a workspace's data as a single structured document and self-service deletion of Customer Content and of the entire workspace, with owner-level authorization and explicit confirmation.

Annex C — Subprocessors

Sentravision engages Subprocessors to provide and operate the Service. The categories of Subprocessing include hosting (managed database, infrastructure, and application hosting), payment processing, transactional email, product analytics, AI and embedding services, and content delivery and DNS. Sentravision does not publish an enumerated list of Subprocessor names. The current list of Subprocessors, including names and processing roles, is available to Customer on written request to [email protected], as described in Section 7. User-selected single-sign-on providers (such as Google or GitHub) are upstream identity providers chosen by the user, not Subprocessors of Customer Content.

This DPA is published as a final, operative document and forms part of the Ledgenter Terms of Service (ledgenter.com/terms). It does not constitute legal advice; a counsel review remains advisable but is not required before use.