agentcentral
Start free trial

Data Processing Agreement

Last updated: June 9, 2026

1. Parties and scope

This Data Processing Agreement (“DPA”) forms part of the agentcentral Terms of Service between Eulyptica (“agentcentral”, “we”, “us”) and the customer (“you”). It applies whenever we process personal data on your behalf in the course of providing the service, and it reflects the requirements of Article 28 of the EU General Data Protection Regulation (GDPR) and the UK GDPR. By using the service you accept this DPA. If there is a conflict between this DPA and the Terms of Service with respect to the processing of personal data, this DPA controls.

2. Roles

You are the controller of the personal data contained in your Amazon seller account data. agentcentral is your processor for that data. For data we collect for our own purposes, such as your account registration, billing, and product communications, we act as an independent controller, with that processing described in our Privacy Policy.

3. Details of processing

  • Subject matter and nature. Syncing, storing, organizing, and returning your Amazon seller data so connected AI assistants and API clients you authorize can read it.
  • Purpose. Providing the agentcentral service as described in the Terms of Service and your configuration.
  • Duration. The term of your agreement with us, until deletion under section 9.
  • Categories of data. Amazon seller account data, including advertising, inventory, catalog, finance, fulfillment, and order records. Order records include buyer geographic fields (city, state or region, postal code, country). We do not sync buyer names, street addresses, email addresses, or phone numbers from Amazon. Fulfillment requests you initiate may include a recipient name and shipping address; we transmit these to Amazon to execute your request and retain only city and region level fields in audit records.
  • Data subjects. You and your staff, the buyers reflected in your Amazon order data, and recipients of fulfillment requests you initiate.

4. Our obligations as processor

  • We process your data only on your documented instructions, which consist of the Terms of Service, this DPA, and your use and configuration of the service, unless required otherwise by law (in which case we will inform you unless legally prohibited).
  • We ensure that persons authorized to process your data are bound by confidentiality obligations.
  • We implement the technical and organizational measures in section 5.
  • Taking into account the nature of the processing, we assist you with reasonable measures to respond to data subject requests (access, rectification, erasure, restriction, portability, objection).
  • We assist you with your obligations regarding security, breach notification, and data protection impact assessments where relevant to the service.
  • We notify you without undue delay after becoming aware of a personal data breach affecting your data.

5. Security measures

  • Encryption in transit (HTTPS/TLS) for all access.
  • Encryption at rest for stored data.
  • Amazon credentials encrypted with a dedicated key management service.
  • Per-account isolation: your Amazon seller data is stored in a dedicated, per-account dataset and is never commingled with other accounts’ seller data. Account and operational metadata is logically separated by account identifier.
  • Scoped, revocable access credentials, with read-only access enforced for assistant connections made through this service’s directory integrations.
  • Audit records for write actions performed through the service.

6. Subprocessors

You provide general authorization for the subprocessors and service providers listed in the Privacy Policy. We will notify you by email before adding or replacing a subprocessor; you may object on reasonable data protection grounds, and if we cannot resolve the objection you may terminate the affected service. We impose data protection obligations on subprocessors that are materially no less protective than this DPA, and we remain responsible for their performance.

7. International transfers

The service is operated from the United States. Where personal data originating from the European Economic Area, the United Kingdom, or Switzerland is transferred to us, the parties incorporate the European Commission’s Standard Contractual Clauses (Module Two: controller to processor) by reference, and for UK transfers the UK International Data Transfer Addendum. The details of processing in section 3 and the measures in section 5 serve as the corresponding annexes.

8. Audits and information

On reasonable written request, no more than once per year unless required by a supervisory authority, we will make available information reasonably necessary to demonstrate compliance with this DPA, and we will allow for and contribute to audits conducted by you or an auditor you mandate, subject to reasonable confidentiality and scheduling requirements.

9. Deletion and return

You can delete your account from the dashboard at any time. Upon account deletion we delete personal data processed on your behalf within 30 days, except where retention is required by law or for limited security, fraud prevention, and accounting records. Residual copies may persist for a limited period in our storage providers’ standard recovery systems and are then automatically purged.

10. Liability and governing law

Liability under this DPA is subject to the limitations and exclusions in the Terms of Service, and this DPA is governed by the same law and venue as the Terms of Service.

Contact

Questions about this DPA: support@agentcentral.to.