Data Processing & Security

Last updated: 10 June 2026

This page summarises how Futurebridge Agents (operated by Futurebridge Consulting) processes customer data and the security measures we apply. For paid engagements, these terms are formalised in a signed Data Processing Addendum ("DPA") that forms part of your agreement.

1. Roles

For customer data within your connected systems, you are the data controller and Futurebridge acts as your data processor, processing data only on your documented instructions to provide the services.

2. Scope of processing

Subject matter: provision of bespoke AI agents and integrations.
Duration: the term of your agreement, plus any agreed retention period.
Nature & purpose: reading, processing, and writing data across the systems you connect, to perform the workflows you configure.
Data subjects & categories: as determined by the systems you connect (e.g. your customers, employees, prospects).

3. Model training

We do not use your customer data to train shared or foundation models. Where third-party model providers are used, we contract for zero-retention / no-training processing where available, and a zero-retention mode can be enabled for your account.

4. Security measures

Encryption of data in transit (TLS) and at rest.
Role-based access control, SSO, and least-privilege access for our personnel.
Comprehensive audit logging of agent actions.
Network isolation options, including single-tenant VPC and on-prem deployments.
SOC 2 Type II program in progress; current attestation available under NDA on request.
Secure software development lifecycle and regular vulnerability management.

5. Data location

EU and US hosting regions are available and selected per customer. International transfers, where they occur, are covered by appropriate safeguards such as the EU Standard Contractual Clauses.

6. International transfers & breach notification

We will notify you without undue delay after becoming aware of a personal-data breach affecting your data, and provide the information reasonably needed to meet your own notification obligations.

7. Sub-processors

We use the following categories of sub-processors to deliver the service. We maintain appropriate data-protection terms with each and will give notice of material changes.

Cloud hosting & edge: our infrastructure and content-delivery provider (EU/US regions).
AI model providers: the foundation-model vendors used to power agents, configured for no-training where available.
Email delivery: transactional email for notifications and service communications.
Analytics: privacy-friendly, cookieless website analytics.

8. Data deletion

On termination or request, we will return or delete customer data in accordance with your agreement, subject to any legal retention requirements.

9. Requesting the signed DPA

To execute a signed DPA or request our current sub-processor list and security documentation, contact [email protected].

This is a summary template, not the executed DPA and not legal advice. Replace the sub-processor categories with your named vendors and have counsel review before relying on it for procurement.