Security Information

LeanIX operates in full transparency towards its customers and is committed to full compliance with all applicable laws and regulations in the way it conducts its activities.
Here you will be able to learn more about the terms and conditions for the use of our products, our privacy statements, as well as access our FAQs and additional documents and information.

Legal

Compliance

Privacy

We believe in transparency and therefore want to make it easy for you to find all relevant security and trust resources in one place.

Our Commitments as a data controller

If you use this website, perform a demo, participate in one of our events, or generally if you communicate with or contact us, we may collect, use, share and process information relating to you. Our commitments to you in terms of our processing practices and your related rights are detailed in the documents below. Please take the time to read these documents in their entirety to ensure you are fully informed. Note that we may update them over time to reflect developments in our websites, events, products, or services.

If you have any questions or concerns about our use of your personal information, please do not hesitate to contact us at dataprivacy@leanix.net.

Commercial

If you purchase a LeanIX product or service, the relevant Order Form will call out the terms below. By executing the Order Form, you accept that said terms will apply to your order. Note that the documents below apply to agreements executed on or after [--/--/--]. If your Order Form was executed prior to that date and you wish to access the relevant terms and conditions, please check the [LINK TO ARCHIVE] or contact your Account Executive.

Frequently Asked Questions

Why LeanIX’s paperwork instead of my own?

LeanIX provides an off-the-shelf SaaS service. In providing this product, we rely on standardization and automation, which means that the same service is provided, in identical ways, to all our hundreds of customers. Our customer agreements therefore need to reflect these processes.

The typical customer form of agreement, by contrast, is drafted to cover as broad a spectrum of service providers as possible. Any such form would therefore have to be extensively redrafted and modified just to be consistent with the way we provide our services.

A customer’s form of agreement always requires extensive modifications in order to align it with our service offering, and this inevitably extends the review process for both the customer and LeanIX alike.

We have learned that it is far more efficient for the parties to rely on our standardized paperwork, since our terms and conditions already align with our offering and contain all the appropriate provisions that would otherwise have to be injected into the customer form of agreement.

Many issues and concerns are quickly dispelled through conversation; there are many nuances to the subscription service that are not apparent on their face.

Depending on your country of incorporation, the LeanIX terms and conditions provide for different options.

The version current as of the Effective Date of your Order Form. LeanIX may update the then current version over time and upload new versions of the Terms and conditions and of the other contractual paperwork, but those will not apply to you and your ordering unless you have so agreed in writing with LeanIX.

You rely on us delivering the best and most reliable SaaS, which is why we build on modern technologies, best-in-class processes and transparency to ensure the security and availability of our solution.

From a legal point of view, there are two categories of data processed in LeanIX: non-personal information, for example about your IT architecture or your cloud usage, and personal data about the users of LeanIX in your company that is generated by the use of LeanIX.

If you are located in the European Economic Area or in the UK, or if you use our platform to process data about your contacts in the EEA or UK, the General Data Protection Regulation applies to any such data processing. To ensure compliance with the GDPR, we include our Data Processing Exhibit in all our customer agreements. This Exhibit has been drafted to meet the requirements of the GDPR in order to enable you to lawfully process that data on your behalf.

This document is incorporated directly into our Terms and Conditions, and does not require any additional signature.

Should you deem that a data processing agreement is not needed, LeanIX recommends you consult with your legal advisor to assess the potential impact your decision not to include said document may have on your particular situation.

Depending on your place of incorporation, you will contract either with LeanIX US (if you are based in the USA) or with LeanIX GmbH (anywhere else). Your data will accordingly be hosted in the USA or in the EU.

LeanIX relies on third parties to process personal data on our behalf, and their servers may be located either in the EU/UK or in the USA. Other entities of the LeanIX group may also be involved in the data processing. A full list of our Affiliates and sub-processors involved in the provision of the services, along with details of their location, can be provided to you upon request, subject to prior signature of appropriate non-disclosure obligations. In any case, LeanIX takes steps to ensure that its vendors offer appropriate safeguards to protect personal data they process on our behalf, and contractually obligates them to process such data in compliance with applicable data protection laws. LeanIX has also implemented, and will keep implementing, appropriate safeguards to ensure an adequate level of data protection where Customer Data is transferred to countries outside the EEA, such as standard contractual clauses for the transfer of Personal Data as approved by the European Commission (Art. 46 GDPR).

On July 16, 2020, the CJEU confirmed that Standard Contractual Clauses (SCCs) continue to provide a valid mechanism for companies to transfer personal data outside the EU/UK. However, transfers based on SCCs may be challenged on a case-by-case basis, especially where national security laws conflict with the guarantees provided by the data importer under the SCCs.

The CJEU noted that, in addition to adhering to the SCCs, the data exporter and data importer may need to agree to supplemental measures to ensure an adequate level of protection for the transferred data, but did not specify what those measures could be.

We want to reassure our Customers that they can continue using our products in compliance with EU/UK law.

The SCCs remain a valid data export mechanism. Our agreements are structured in a way that the SCCs automatically take effect, so our users were protected by the SCCs immediately after the ruling. In accordance with the ruling of the CJEU, in addition to signing SCCs with all its subprocessors, LeanIX has put in place security measures to ensure that EU and UK data remains protected when it is transferred outside of Europe. Our security and privacy program is outlined in detail on our security and trust page.

On June 4, 2021, the European Commission published new Standard Contractual Clauses for international data transfers (“SCCs”). At present, LeanIX relies on the existing SCCs for transfers of EU customer data in our services.

In the coming months, LeanIX may review its agreements and privacy commitments to ensure full consistency with the evolving regulatory framework.