Please enable JavaScript to view AGENSTAB properly.
Legal

Data Processing Agreement

Governing the processing of personal data on behalf of Enterprise clients.

1. Definitions and Scope

This Data Processing Agreement ("DPA") supplements the Terms of Service. It outlines the obligations of AGENSTAB Inc. ("Data Processor") when processing personal data on behalf of the customer ("Data Controller") in accordance with the GDPR, CCPA, and other applicable data protection laws. We process personal data only as necessary to provide the AGENSTAB service, specifically during autonomous browser interactions via the extension or engine.

2. Security and Data Deletion

We implement appropriate technical and organizational measures to ensure security, including AES-256-GCM encryption for API keys and Chromium sandboxing for execution environments. Data Deletion: Upon termination of the Service, or upon the Data Controller's written request, AGENSTAB shall delete or return all personal data within thirty (30) days, unless otherwise required by applicable law.

3. Sub-processors

The Data Controller provides a general authorization for AGENSTAB Inc. to engage the following approved sub-processors:

  • OpenAI, L.L.C. (VLM Grounding, US)
  • Anthropic, PBC (VLM Grounding, US)
  • Google LLC (Cloud Infrastructure, Global)
  • Google LLC (Firebase) (Authentication Services, Global)
  • Neon, Inc. (Serverless PostgreSQL, US/EU)
  • Upstash, Inc. (Serverless Redis, US/EU)

We will inform the Data Controller of any intended changes concerning the addition or replacement of sub-processors at least thirty (30) days in advance, giving the controller the opportunity to object.

4. International Data Transfers

Any transfer of personal data outside the European Economic Area (EEA), the UK, or Switzerland to countries that do not ensure an adequate level of data protection shall be governed by the standard contractual clauses (SCCs) approved by the European Commission or the UK International Data Transfer Addendum, which are incorporated by reference into this DPA, alongside any relevant adequacy decisions.

5. Personal Data Breach Notification

AGENSTAB shall notify the Data Controller without undue delay, and in any event within forty-eight (48) hours, after becoming aware of a personal data breach affecting the Data Controller's data. We shall provide sufficient information to allow the Data Controller to meet any obligations to report or inform data subjects of the breach under applicable data protection laws.

6. Audit Rights

Upon written request, and no more than once annually, AGENSTAB shall make available to the Data Controller all information necessary to demonstrate compliance with this DPA. The Data Controller or a mandated third-party auditor may conduct audits, including inspections, subject to reasonable advance notice, confidentiality obligations, and minimal disruption to AGENSTAB's operations.