authex

Legal · Last updated 22 May 2026

Data Processing Addendum

The terms that apply when Authex processes personal data on behalf of a customer. Forms part of the Terms of Service.

01

Parties and roles

This addendum is entered into between the customer (controller) and Authex Labs Ltd (processor). It forms part of the Terms of Service and governs any processing of personal data carried out by Authex on the customer's behalf.

02

Subject matter and duration

The subject matter is the personal data processed by Authex to provide the service to the customer. Processing continues for as long as the customer maintains an active account and for any retention period required by law.

03

Nature and purpose of processing

Authex processes personal data to scan domains, manage email-authentication protocols, ingest DMARC and TLS reports, send service notifications, and support the customer.

04

Categories of data and data subjects

Data: account holder name, work email, organization, domain configurations, aggregate report content (which may incidentally contain mailbox identifiers).

Data subjects: the customer's staff and the customer's mail senders and recipients to the extent they appear in DMARC or TLS reports.

05

Subprocessors

Authex uses subprocessors to operate the service (cloud hosting, transactional email, payment processing, customer support). The current list is available at privacy@authexlabs.com. We will give the customer reasonable notice of any new subprocessor and an opportunity to object.

06

Security measures

Authex implements appropriate technical and organisational measures: encryption in transit and at rest, least-privilege access control, mandatory MFA for staff, regular vulnerability scanning, and incident response procedures.

07

Data subject rights

Authex will assist the customer in responding to requests from data subjects exercising rights under applicable data protection laws, including access, correction, deletion, restriction, and portability.

08

International transfers

Where data is transferred outside the UK or the EEA, transfers are made under appropriate safeguards, including Standard Contractual Clauses, supplemented as necessary.

09

Audits and breach notification

On reasonable notice and no more than once per year, the customer may audit Authex's compliance with this addendum. Authex will notify the customer of any personal data breach without undue delay and provide the information needed for the customer to meet its own notification obligations.

Questions? Email legal@authexlabs.com.