This DPA applies to all personal data processed by AgentTrust on behalf of the Customer in connection with the Platform services.
Customer is the Data Controller. AgentTrust is the Data Processor for transaction data and a joint Controller for fraud prevention and sanctions screening.
Subject matter: B2B transaction processing, escrow management, dispute resolution. Duration: Duration of the service agreement. Data subjects: Business representatives, authorized agents. Data categories: Business identity, transaction records, payment data.
Current sub-processors: Supabase Inc. (database hosting, EU), Stripe Inc. (payment processing, EU/US), Upstash Inc. (rate limiting, EU), Anthropic PBC (AI analysis, US). Customer will be notified 30 days before adding new sub-processors.
AgentTrust implements: encryption at rest (AES-256-GCM) and in transit (TLS 1.3), access controls with WebAuthn/FIDO2, tamper-proof audit logging, automated vulnerability scanning, rate limiting, sanctions screening, fraud detection, post-quantum cryptography readiness.
AgentTrust will notify Customer within 72 hours of becoming aware of a personal data breach, including: nature of breach, categories of data affected, likely consequences, and measures taken.
Upon termination, AgentTrust will delete all Customer personal data within 90 days, except data that must be retained by law (transaction records: 10 years).
Customer may audit AgentTrust’s compliance with this DPA once per year with 30 days’ notice. AgentTrust will provide SOC 2 Type II reports when available.
AgentTrust — Trust infrastructure for autonomous commerce. Questions? legal@agenttrust.eu