Last updated: April 11, 2026

Vendor Policy

Scope

This policy applies to vendors, subcontractors, service providers, subprocessors, consultants, and suppliers that support AgentNxt operations, infrastructure, security, billing, mail, observability, support, AI routing, or customer services.

Due Diligence

Vendors may be reviewed for security posture, privacy practices, availability, compliance certifications, incident history, financial risk, data location, access needs, and alignment with GDPR, India DPDP Act, SOC 2 expectations, and customer obligations.

Contracts

Vendors handling confidential, personal, or customer data must agree to appropriate confidentiality, data processing, security, audit, incident notice, subcontracting, retention, and deletion obligations.

Access

Vendor access must follow least privilege, business need, revocation on termination, credential protection, and logging where feasible. Vendors must not access customer data except as authorized by AutonomyX and applicable agreements.

Ongoing Review

AutonomyX may periodically reassess vendors and require remediation, additional safeguards, replacement, or termination where risk exceeds acceptable levels.