← Quantlix

Standard Data Processing Agreement (template)

Template for review. Executed DPAs are countersigned by Navego AB. Use your browser's print function to save as PDF. Contact security@quantlix.ai for execution.

1. Parties

This Data Processing Agreement ("DPA") forms part of the agreement between the customer ("Controller") and Navego AB, org. no. [registration number], Lillängsvägen 21, 131 41 Nacka, Sweden ("Processor" / "Quantlix") for the Quantlix AI runtime control plane services.

2. Subject matter and duration

Processor processes personal data on behalf of Controller as described in the main service agreement, for the duration of the subscription or trial, plus retention periods required by law or the DPA.

3. Nature and purpose

Hosting, operation, and security of the Quantlix platform; runtime policy enforcement; observability and audit exports as configured by Controller; account and billing administration.

4. Types of personal data & data subjects

As determined by Controller: may include account identifiers, usage metadata, prompts or content submitted to deployments, and audit logs. Data subjects may include Controller's employees, end users, and customers.

5. Processor obligations (summary)

  • Process personal data only on documented instructions from Controller.
  • Ensure personnel confidentiality and access on need-to-know basis.
  • Implement appropriate technical and organizational measures (Annex II).
  • Assist with data subject requests and DPIAs where applicable.
  • Notify Controller of personal data breaches without undue delay.
  • Delete or return personal data at end of services, subject to legal retention.

6. Subprocessors

Controller authorizes use of subprocessors listed at quantlix.ai/trust/subprocessors (version 1, effective 2026-06-03). Processor will notify Controller of material changes per the notice period in the main agreement.

Annex II — Security measures (summary)

  • Encryption in transit (TLS); encryption at rest for credentials and backups.
  • MFA, RBAC, API key scoping, and audit logging.
  • Incident response and vulnerability management program.
  • EU-hosted managed cloud option; self-hosted deployment available.

Full customer-facing summary: Trust center — Security overview

Signatures

[To be completed upon execution]

← Back to DPA

Questions? support@quantlix.ai. Controller: Navego AB, Lillängsvägen 21, 131 41 Nacka, Sweden.

Standard DPA template — Quantlix — Quantlix