Data Processing Agreement

Arx Data Processing Agreement (DPA) governing the processing of personal data and compliance with GDPR, CCPA, and other data protection regulations.

Overview

This Data Processing Agreement ("DPA") supplements the Arx Terms of Service and applies to the processing of personal data by Arx on behalf of customers. It governs how Arx collects, processes, stores, and protects personal data in accordance with applicable data protection laws, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other similar regulations.

Data we process

Arx processes the following categories of data on your behalf:

  • User data — names, email addresses, roles, and authentication credentials
  • Agent execution data — logs of agent actions, including inputs and outputs
  • Approval data — approver identities, timestamps, and decisions
  • Audit trail data — complete history of system changes and accesses
  • Connector credentials — encrypted credentials for third-party integrations

Data protection measures

Arx implements the following technical and organizational measures to protect personal data:

  • Encryption in transit — TLS 1.3 for all data transmission
  • Encryption at rest — AES-256 for sensitive data
  • Access controls — Role-based access, MFA required
  • Audit logging — Complete audit trail of data access
  • Data minimization — We collect only data necessary for service operation
  • Retention limits — Default 7-year retention, deletion available on request

Your rights

Under GDPR and similar laws, you have the right to:

  • Access — Request a copy of your personal data
  • Correction — Request correction of inaccurate data
  • Deletion — Request deletion of your data
  • Portability — Export your data in a structured format
  • Objection — Object to certain processing activities

To exercise these rights, contact privacy@arxsec.io.

Data transfers

Arx stores data in the United States. For EU and other international users, Arx relies on Standard Contractual Clauses approved by competent authorities for lawful data transfers.

Contact us

For questions about this DPA or our data processing practices, contact:

Data Protection Officer
Arx Security, Inc.
privacy@arxsec.io