Data Processing Agreement

This Data Processing Agreement ("DPA") supplements the Terms of Service and governs Agilentic's processing of personal data on your behalf as a data processor under GDPR Article 28.

Agilentic processes personal data only on documented instructions from you (the Controller), unless required by EU or member-state law.

Agilentic uses the sub-processors listed in our Sub-Processors List (/legal/sub-processors). We will provide 30 days' notice before adding new sub-processors.

We implement appropriate technical and organisational measures including encryption at rest (AES-256), encryption in transit (TLS 1.3), access controls, and regular penetration testing.

We will notify you of any personal data breach within 72 hours of becoming aware, as required by GDPR Article 33.

Upon termination of the service, we will delete or return all personal data within 30 days, at your election.