Data Processing Agreement
GDPR-compliant DPA. By using GetAutonome to process personal data, this agreement is in effect.
1. Roles
You are the data controller. GetAutonome is the data processor for personal data processed on your behalf.
2. Scope of processing
We process the data necessary to provide the AI agents and integrations you configure, for the duration of your subscription.
3. Sub-processors
Listed in our Trust Center. We notify customers 30 days before adding a new sub-processor.
4. International transfers
EU data residency is available. Where international transfers occur, we rely on Standard Contractual Clauses.
5. Security measures
TLS in transit, AES-256 at rest, role-based access, audit logging, least-privilege integration scopes, and annual third-party security testing.
6. Data subject rights
We assist with access, correction, deletion and portability requests within 30 days.
7. Breach notification
We notify affected customers without undue delay, and in any event within 72 hours of discovery.
8. Term and deletion
On termination, we delete or return personal data within 30 days unless legally required to retain.
9. Sign a counter-signed copy
Email legal@getautonome.com to request a counter-signed PDF.