Data Processing Addendum
Last updated July 5, 2026
This Data Processing Addendum (“DPA”) forms part of the Terms of Service between you (“Controller”) and Augustus (“Processor”) and applies where we process personal data on your behalf in providing the Service.
1. Roles and scope
You are the controller of the personal data in your workspace and connected systems; we are the processor. We process that data only to provide the Service and on your documented instructions, which include your configuration of processes, connections, and approvals.
2. Processing details
Subject matter: operation of automated business processes. Duration: the term of your workspace. Nature and purpose: reading connected-system data and performing approved actions. Data subjects: your customers, employees, and contacts as present in the systems you connect. Categories: as determined by the systems you connect and the processes you build.
3. Confidentiality and security
We ensure personnel authorized to process personal data are bound by confidentiality, and we maintain the technical and organizational measures described on our Security page, including tenant isolation via row-level security, encryption of credentials at rest, and human-gated execution of consequential actions.
4. Subprocessors
You authorize our use of the subprocessors listed in the Privacy Policy (Supabase, Vercel, Anthropic, OpenAI, Stripe, Resend, Upstash). We remain responsible for their performance and will give notice of material changes so you may object.
5. Data subject requests
Taking into account the nature of processing, we assist you in responding to requests to access, correct, or delete personal data, including through the export and delete controls in the product.
6. Personal data breach
We will notify you without undue delay after becoming aware of a personal data breach affecting your data, with the information reasonably available to help you meet your notification obligations.
7. Deletion or return
On termination, or on your request, we delete or return personal data, and delete existing copies except where retention is required by law. Deleting your workspace revokes stored credentials.
8. Contact
To execute a countersigned copy or ask questions: privacy@augustus.so.