This agreement governs AgentPing's processing of personal data on your behalf and forms part of your agreement with us.
"Controller", "Processor", "Data Subject", "Personal Data", "Processing", and "Supervisory Authority" carry the meanings given in the UK GDPR and EU Regulation 2016/679 ("GDPR"). "Customer" is the account holder acting as Controller; "AgentPing" acts as Processor. "Standard Contractual Clauses" or "SCCs" means the clauses approved by the European Commission for the transfer of Personal Data to third countries.
AgentPing processes Personal Data only to provide the AgentPing service: ingesting agent telemetry, attributing cost, monitoring liveness, and scoring quality. The Customer is the Controller of that data and AgentPing is the Processor.
AgentPing processes Personal Data only on the Customer's documented instructions, including those expressed through configuration of the service (for example, whether evaluations are enabled for a team), unless required to do otherwise by law.
The categories of Personal Data are determined by the content the Customer chooses to send. AgentPing does not require any particular category and recommends the Customer minimise Personal Data in agent payloads. Data subjects may include the Customer's end users where the Customer includes such data in telemetry.
AgentPing ensures that persons authorised to process the Personal Data are bound by confidentiality.
AgentPing implements appropriate technical and organisational measures, including encryption in transit and at rest, scoped access credentials, and least-privilege internal access, as described on our security page.
The Customer authorises AgentPing to engage the subprocessors listed on the security page. AgentPing imposes data-protection obligations on each subprocessor no less protective than those in this agreement and remains liable for their performance. AgentPing will give notice of any intended change and the Customer may object on reasonable data-protection grounds.
Where processing involves a transfer of Personal Data outside the UK or EEA, the parties incorporate the Standard Contractual Clauses by reference, with AgentPing as data importer and the Customer as data exporter.
AgentPing assists the Customer, by appropriate technical and organisational measures, in responding to requests to exercise data subject rights, and provides export and deletion tooling for that purpose.
AgentPing notifies the Customer without undue delay after becoming aware of a Personal Data breach affecting the Customer's data, and provides information reasonably necessary for the Customer to meet its own notification obligations.
On termination, AgentPing deletes or returns Personal Data in accordance with the retention windows described in the service documentation; backup copies age out on their own schedule.
AgentPing makes available information reasonably necessary to demonstrate compliance with this agreement and contributes to audits on reasonable prior notice.
Questions about this agreement: security@agentping.io.