Data Processing Addendum

For personal data processed via the Services, the customer is the data controller and Hexel is the data processor. Hexel processes data only on documented instructions from the customer.

Hexel processes personal data to provide the Services, including orchestration, governance, and observability of agent fleets, for the duration of the agreement.

Personnel authorized to process personal data are bound by appropriate confidentiality obligations.

Hexel maintains technical and organizational measures including encryption, access controls, isolation, and continuous monitoring, as described in our Security overview.

The customer authorizes Hexel to engage sub-processors listed on our sub-processors page. Hexel imposes data-protection obligations on each sub-processor.

Hexel assists the customer, where reasonably possible, in responding to requests from data subjects to exercise their rights.

Where personal data is transferred internationally, the parties rely on appropriate safeguards such as standard contractual clauses.

Upon termination, Hexel deletes or returns personal data in accordance with the agreement, subject to legal retention requirements.