Draft, pending legal review. This document is provided in good faith while we finalize counsel review. It is not a substitute for the binding agreement in your master subscription.
Legal · Last updated 2026-05-18 · v2026-05-18

Data Processing Addendum

Standing DPA that applies to every customer subscription. Auto-incorporated when you accept the Terms. Carrier vendor reviewers can download a counter-signed PDF from Settings, Legal.

1. Roles

Customer is the Controller of personal data processed via the platform. The Intelligent Agent, Inc. is the Processor, acting on the documented instructions of Customer. For US privacy laws (CCPA), Customer is the Business and we are the Service Provider; we are contractually prohibited from selling, sharing, or retaining personal information except as needed to provide the service.

2. Scope of processing

  • Subject matter: providing the Intelligent Agent platform under the Terms of Service.
  • Duration: for the subscription term plus the retention window in §9.
  • Nature and purpose: hosting, indexing, search, AI inference, generation of insurance documents and proposals, audit logging.
  • Categories of data subjects: Customer's employees and authorized users, Customer's insureds, prospects, and claimants whose data Customer uploads.
  • Categories of personal data: contact details, account credentials, insurance policy and claim data, communications, and any other personal data Customer chooses to upload.
  • Special categories: only as Customer chooses to upload (e.g. medical info in benefits quoting). Customer is responsible for the lawful basis of that processing.

3. Subprocessors

Customer authorizes us to engage the subprocessors listed at /subprocessors. We will give at least 30 days' notice before adding or replacing a subprocessor (in-product or by email). Customer may object on reasonable data-protection grounds; if the objection cannot be resolved, Customer may terminate the affected service for a prorated refund.

4. Security measures

We maintain technical and organizational measures including: TLS 1.2+ in transit, AES-256 at rest, Postgres Row-Level Security for tenant isolation, role-based access control, least-privilege production access, default PII redaction in chat logs, audit logging, and periodic vulnerability scanning. Detail at /security.

5. Breach notification

We will notify Customer without undue delay and in any event within 72 hours of confirming a personal data breach affecting Customer Data. Notice will include the nature of the breach, categories and approximate number of records affected, likely consequences, and measures taken.

6. Data subject rights

We will assist Customer in responding to data subject requests (access, rectification, erasure, portability, restriction, objection) through in-product tooling and, where needed, reasonable engineering assistance. Requests we receive directly from Customer's data subjects will be forwarded to Customer.

7. International transfers

Customer Data is hosted in the United States. Where transfers from the EEA, UK, or Switzerland are subject to applicable data protection law, the parties agree to incorporate the EU Standard Contractual Clauses (Module 2: Controller to Processor) and the UK International Data Transfer Addendum by reference; if Customer requires a signed copy, contact privacy@theintelligentagent.ai.

8. Audit

We make available our current third-party audit reports and security questionnaire responses on request, no more than once per 12-month period, subject to confidentiality. Onsite audits are available on reasonable notice at Customer's cost where required by law.

9. Term & deletion

On termination of the subscription, Customer may export Customer Data for 30 days. Thereafter we will delete or anonymize it within 30 additional days, except where retention is required by law. Backups are purged on standard rotation (no longer than 90 days).
