AgentHub
Sign inStart free

Legal

Data Processing Addendum

Effective date: May 15, 2026 · Applies to all customers on Team and Enterprise plans where AgentHub processes Personal Data on behalf of the Customer.

1. Scope

This Data Processing Addendum (“DPA”) forms part of the agreement between MVS Holdings (“AgentHub”) and the customer (“Customer”) identified in the order form (the “Agreement”). It governs the processing of Personal Data by AgentHub on behalf of the Customer in connection with the Services.

2. Roles and responsibilities

For Personal Data processed under the Agreement, the Customer is the controller and AgentHub is the processor. AgentHub processes Personal Data only on documented instructions from the Customer, including with regard to transfers of Personal Data to a third country or an international organization.

3. Sub-processors

The Customer authorizes AgentHub to engage sub-processors to perform specific processing activities. The current list of authorized sub-processors is published at /legal/subprocessors. AgentHub will give the Customer at least 30 days' prior notice of any addition or replacement of sub-processors, during which time the Customer may object on reasonable data-protection grounds.

4. Confidentiality and personnel

AgentHub ensures that personnel authorized to process Personal Data have committed themselves to confidentiality and have received appropriate training in data protection, information security, and incident response.

5. Security measures

AgentHub implements and maintains the technical and organizational measures described at /legal/security, including row-level tenant isolation, tamper-evident audit chains, encryption in transit and at rest, scope-limited connector credentials, hash-pinned approvals on every external write, and least-privilege access controls.

6. Data subject rights

AgentHub will, taking into account the nature of the processing, provide reasonable assistance to the Customer in responding to requests from data subjects to exercise their rights under applicable data-protection law (including rights of access, rectification, restriction, erasure, and portability). Where technically feasible, the Customer can fulfill such requests directly through the workspace controls.

7. Personal data breach notification

AgentHub will notify the Customer without undue delay, and in any case within 72 hours of becoming aware, of any Personal Data breach affecting the Customer's data. Notifications will include the nature of the breach, categories and approximate number of data subjects and records affected, likely consequences, and measures taken or proposed.

8. Audits

On reasonable written notice, the Customer may, no more than once per calendar year (or more frequently following a Personal Data breach affecting the Customer), audit AgentHub's compliance with this DPA. AgentHub will satisfy this obligation by providing relevant third-party reports (e.g., SOC 2 Type II) and responding to written questionnaires; on-site audits are available to Enterprise customers under NDA.

9. International transfers

Where Personal Data originating in the European Economic Area, the United Kingdom, or Switzerland is transferred to a country not deemed adequate by the relevant authority, the parties agree that the EU Standard Contractual Clauses (Module 2: Controller to Processor) and the UK International Data Transfer Addendum, where applicable, are hereby incorporated by reference. AgentHub implements supplementary technical measures (e.g., encryption in transit and at rest, access logs) to safeguard such transfers.

10. Return or deletion of personal data

Upon termination of the Agreement, AgentHub will, at the Customer's election, return or delete all Personal Data within 30 days, unless retention is required by applicable law. Backup copies are purged in accordance with the schedule documented at /legal/security.

11. Liability

The liability of each party arising under or in connection with this DPA is subject to the limitations of liability set out in the Agreement.

12. Order of precedence

To the extent of any conflict between this DPA and the rest of the Agreement, this DPA prevails with respect to the processing of Personal Data.

13. Signing the DPA

To execute this DPA for your organization, email legal@mvsagents.ai with your account email, legal entity name, and signing contact. We will return a counter-signed copy within five business days.

14. Updates

AgentHub may update this DPA from time to time to reflect changes in applicable law or processing practices. Material changes will be communicated to Customers in advance of taking effect. The latest version is always available at /legal/dpa.

Need additional documentation (subprocessor list under NDA, security questionnaire, BAA for Enterprise)? Email legal@mvsagents.ai.