Intent logo
LegalEffective: February 21, 2026

Data Processing Addendum (DPA)

This DPA describes how Intent processes personal data for customers using feedback ingestion, reasoning, and optional repository workflows. Contract-specific terms in signed agreements supersede this summary where applicable.

DPA at a Glance
Controller
Customer
Processor
Intent
Purpose
Service delivery + security
Retention
Minimized by policy

Roles and Instructions

Customer is the data controller and determines lawful processing basis. Intent acts as processor and processes personal data only under customer instruction, service delivery needs, security operations, and legal obligations.

Subject Matter and Duration

Processing covers ingestion, analysis artifacts, and optional repository artifacts under the selected security mode. Processing duration is tied to service usage plus required retention for security, fraud prevention, and law.
Processing Lifecycle
1. Collect
Authorized data arrives through connected providers.
2. Process
Reasoning and artifact generation run under active mode policy.
3. Govern
Sensitive actions are gated and auditable per run.
4. Retire
Deletion and retention controls apply by policy and contract.

Data Categories

  • Identity and account data (email, integration state, account metadata).
  • Feedback content and metadata from authorized sources.
  • Repository metadata and generated patch artifacts when repo mode is enabled.
  • Operational and security logs for reliability and incident response.

Subprocessors and Transfers

Intent may use subprocessors for hosting and model operations. Cross-border transfer safeguards are applied according to applicable law and contractual requirements.

Security Measures

Controls include encryption in transit, access controls, server-side credential storage, runtime policy gating, and event logging for sensitive operations.

Deletion and Incident Support

Customers may request deletion of credentials and service artifacts subject to legal retention requirements. For confirmed incidents affecting customer data, Intent provides notification and remediation updates.