Last updated: April 11, 2026

Data Processing Addendum

Roles

For customer content, the customer is generally the controller or business, and AutonomyX is generally the processor or service provider. For account administration, billing, security, and direct business operations, AutonomyX may act as an independent controller where permitted by law.

Instructions

AutonomyX processes personal data according to customer instructions, the agreement, product configuration, security requirements, and applicable law. Instructions include routing data through selected AI models, observability, workflow, identity, mail, and integration services.

Data Subject Requests

AutonomyX will provide reasonable assistance for access, correction, deletion, portability, objection, consent withdrawal, and grievance requests under GDPR, India DPDP Act, CCPA/CPRA, and other applicable privacy regulations.

International Transfers

Where personal data is transferred internationally, AutonomyX and customers will use appropriate safeguards such as standard contractual clauses, data processing terms, contractual restrictions, regional hosting, or other transfer mechanisms recognized by applicable law.

Deletion and Return

At termination or on verified request, customer data will be deleted or returned according to the agreement, subject to backups, legal holds, security logs, fraud prevention, tax, audit, and compliance retention requirements.