← Back to PolyFoundry
PolyFoundry
Data Processing Addendum (DPA)
Effective 20 March 2026
1. Purpose
This DPA supplements the services agreement between PolyFoundry and the client (the “Controller”) when PolyFoundry (the “Processor”) processes personal information on the client’s behalf.
2. Roles
- Controller: The client who determines the purpose and means of processing.
- Processor: PolyFoundry, acting solely on the Controller’s documented instructions.
3. Processing details
- Subject matter: Operation of on-premise OpenClaw agents, workflows, and logs.
- Duration: For the term of the services agreement.
- Categories of data: Employee, customer, or partner data present in client systems connected to the agent.
- Types of processing: Reading, analysing, generating responses, logging outputs, and storing telemetry per the agreed workflows.
4. Processor obligations
- Process data only on documented instructions from the Controller.
- Ensure staff with access are under confidentiality obligations.
- Implement appropriate technical and organisational security measures.
- Assist the Controller with data subject requests and incident response.
- Delete or return personal data at termination, unless law requires retention.
5. Sub-processors
PolyFoundry uses limited sub-processors (e.g., secure ticketing, monitoring, or backup providers). A current list is available on request. We require each sub-processor to meet equivalent security and privacy obligations.
6. Data location
Agents run on client-owned hardware. Any supporting services used by PolyFoundry are hosted in Australian or trusted international regions with appropriate safeguards (e.g., SCCs or UK IDTA).
7. Audit rights
Upon reasonable notice, the Controller may audit PolyFoundry’s compliance with this DPA. We may satisfy this requirement by providing independent audit reports or certifications.
8. Incident notification
We will notify the Controller without undue delay after becoming aware of a personal data breach impacting the managed agents, including relevant details and remediation steps.
9. Contact
Data protection enquiries: submit via the PolyFoundry intake form.