Data Processing Agreement

This agreement governs AgentPing's processing of personal data on your behalf and forms part of your agreement with us.

1. Definitions

"Controller", "Processor", "Data Subject", "Personal Data", "Processing", and "Supervisory Authority" carry the meanings given in the UK GDPR and EU Regulation 2016/679 ("GDPR"). "Customer" is the account holder acting as Controller; "AgentPing" acts as Processor. "Standard Contractual Clauses" or "SCCs" means the clauses approved by the European Commission for the transfer of Personal Data to third countries.

2. Subject matter and roles

AgentPing processes Personal Data only to provide the AgentPing service: ingesting agent telemetry, attributing cost, monitoring liveness, and scoring quality. The Customer is the Controller of that data and AgentPing is the Processor.

3. Processing instructions

AgentPing processes Personal Data only on the Customer's documented instructions, including those expressed through configuration of the service (for example, whether evaluations are enabled for a team), unless required to do otherwise by law.

4. Nature and purpose of processing

  1. Storing run records, step detail, and content reported by the Customer's agents.
  2. Computing cost, liveness, and quality metrics for display in the dashboard and API.
  3. Where evaluations are enabled, transmitting relevant run content to Anthropic for scoring.
  4. Delivering alerts and account communications.

5. Categories of data and data subjects

The categories of Personal Data are determined by the content the Customer chooses to send. AgentPing does not require any particular category and recommends the Customer minimise Personal Data in agent payloads. Data subjects may include the Customer's end users where the Customer includes such data in telemetry.

6. Confidentiality

AgentPing ensures that persons authorised to process the Personal Data are bound by confidentiality.

7. Security

AgentPing implements appropriate technical and organisational measures, including encryption in transit and at rest, scoped access credentials, and least-privilege internal access, as described on our security page.

8. Subprocessors

The Customer authorises AgentPing to engage the subprocessors listed on the security page. AgentPing imposes data-protection obligations on each subprocessor no less protective than those in this agreement and remains liable for their performance. AgentPing will give notice of any intended change and the Customer may object on reasonable data-protection grounds.

9. International transfers

Where processing involves a transfer of Personal Data outside the UK or EEA, the parties incorporate the Standard Contractual Clauses by reference, with AgentPing as data importer and the Customer as data exporter.

10. Data subject requests

AgentPing assists the Customer, by appropriate technical and organisational measures, in responding to requests to exercise data subject rights, and provides export and deletion tooling for that purpose.

11. Personal data breach

AgentPing notifies the Customer without undue delay after becoming aware of a Personal Data breach affecting the Customer's data, and provides information reasonably necessary for the Customer to meet its own notification obligations.

12. Deletion and return

On termination, AgentPing deletes or returns Personal Data in accordance with the retention windows described in the service documentation; backup copies age out on their own schedule.

13. Audits

AgentPing makes available information reasonably necessary to demonstrate compliance with this agreement and contributes to audits on reasonable prior notice.

Questions about this agreement: security@agentping.io.