Data Processing Addendum
This Data Processing Addendum supplements the ActionPlane commercial agreement or Terms of Use when ActionPlane is used to process personal data on behalf of a customer. It summarizes the standard processor-side commitments available for enterprise engagements.
1. Scope and precedence
This DPA applies when Zencraft Consultancy Pvt Ltd processes personal data in connection with ActionPlane on behalf of the customer. If a signed order form or negotiated DPA conflicts with this page, the signed agreement controls.
2. Roles of the parties
- The customer acts as controller or business for the personal data it submits to or processes through ActionPlane.
- Zencraft Consultancy Pvt Ltd acts as processor or service provider to the extent required for providing the service.
- Some provider relationships may involve the customer directly where the customer brings its own cloud, model, or system credentials.
3. Subject matter and data categories
ActionPlane may process the following categories of data, depending on configuration and use:
- Workspace user accounts, administrator identities, and operator metadata.
- Action definitions, prompts, approval records, review notes, comments, and workflow state.
- Connector metadata, activation sessions, API identifiers, and integration payloads.
- Audit events, run logs, webhook payloads, queue events, and incident records.
- Support, billing, and contract records.
4. Customer obligations
- The customer must provide lawful instructions and have a legal basis for the data processed through ActionPlane.
- The customer is responsible for data accuracy, notices, consent where required, and the configuration of retention or deletion policies applicable to its environment.
- The customer must not submit data to ActionPlane that it is not authorized to process.
5. Zencraft obligations
- We will process personal data only to provide, secure, support, and administer ActionPlane, or as otherwise required by law.
- We will apply reasonable technical and organizational measures appropriate to the nature of the service and the risks involved.
- We will ensure personnel with access to customer data are bound by confidentiality obligations.
6. Subprocessors and providers
ActionPlane may rely on cloud, storage, queueing, authentication, monitoring, billing, email, and model providers to operate the service. Enterprise engagements may receive additional subprocessor transparency through procurement or contract documentation.
7. International transfers and security measures
Where personal data is transferred internationally, we will rely on contractual, technical, or provider-based safeguards appropriate to the deployment model and applicable law. Security controls are summarized on our Security Policy page.
8. Deletion, return, and data subject requests
- At the end of the service relationship, data will be returned, deleted, or retained according to the applicable contract, product capabilities, and legal requirements.
- Where we receive a data-subject request directly relating to customer-controlled data, we may direct the requester to the customer or notify the customer as appropriate.
- Customers seeking a countersigned DPA or enterprise review can contact legal@actionplane.ai.
ActionPlane is a product of Zencraft Consultancy Pvt Ltd.
For legal notices, security reports, and support questions about ActionPlane, use the published channels below.