Data Processing Addendum
Last updated: July 4, 2026
This Data Processing Addendum ("DPA") describes how Agentic Labs Solutions LLC processes personal data on behalf of customers in connection with our services, and forms part of the services agreement between you (the "Customer") and Agentic Labs. This page summarizes our standard terms; a countersigned DPA is available on request via contact@agenticlabs.io.
1. Roles of the parties
For personal data processed in connection with the services, the Customer is the controller (or processor acting on behalf of its own controllers) and Agentic Labs is the processor (or sub-processor). Each party complies with the data protection laws applicable to it, including the GDPR, UK GDPR, and the CCPA/CPRA as a "service provider."
Because our delivery model keeps your production data within your environment, Agentic Labs processes limited personal data and only on your documented instructions, as set out in the services agreement and this DPA.
2. Scope and processing details
| Item | Details |
|---|---|
| Subject matter | Design, delivery, and operation of agentic systems as described in the applicable Statement of Work. |
| Duration | The term of the services agreement, plus any legally required retention period. |
| Nature and purpose | Configuration, integration, orchestration, monitoring, and support of AI agents within the Customer environment. |
| Types of personal data | As determined and controlled by the Customer; typically business contact data and any data present in the Customer systems the agents access. |
| Categories of data subjects | As determined by the Customer — e.g., the Customer’s personnel, customers, and end users. |
3. Our obligations as processor
- Process personal data only on the Customer’s documented instructions, including for international transfers, unless required otherwise by law.
- Ensure personnel authorized to process personal data are bound by confidentiality.
- Implement appropriate technical and organizational security measures (see Section 4 and our Trust & Security page).
- Not sell or share personal data, and not use it for our own purposes or to train general-purpose models.
- Assist the Customer, taking into account the nature of processing, with data subject requests and with security, breach notification, and data protection impact assessments.
- Delete or return personal data at the end of the services, except where retention is legally required.
- Make available information necessary to demonstrate compliance and allow for audits, subject to reasonable confidentiality and security conditions.
4. Security measures
We maintain a documented security program aligned with SOC 2 Type II, including encryption in transit (TLS 1.2+) and at rest (AES-256), role-based and least-privilege access, audit logging of agent actions, vulnerability management, and incident response. For HIPAA-regulated workloads we enter into a Business Associate Agreement. Full details are on our Trust & Security page.
5. Sub-processors
The Customer authorizes Agentic Labs to engage the sub-processors listed on our Sub-processors page to support the services. We impose data protection obligations on sub-processors no less protective than those in this DPA and remain responsible for their performance. We provide a mechanism to receive notice of new sub-processors and a reasonable opportunity to object.
6. International transfers
Where processing involves transfers of personal data from the EEA, UK, or Switzerland to a country without an adequacy decision, the parties rely on the European Commission’s Standard Contractual Clauses (and the UK Addendum, as applicable), which are incorporated by reference into the signed DPA.
7. Data breach notification
We will notify the Customer without undue delay after becoming aware of a personal data breach affecting Customer personal data, and will provide the information reasonably needed for the Customer to meet its own notification obligations.
8. Requesting a signed DPA
To execute a DPA (including SCCs and, where relevant, a BAA), contact contact@agenticlabs.io (Attn: Legal). We are glad to complete security questionnaires and provide our SOC 2 report under NDA.