tencent cloud

Cloud Virtual Machine

ドキュメントCloud Virtual MachineAgreementsTencent Cloud ClawPro Data Processing and Security Agreement (DPSA)

Tencent Cloud ClawPro Data Processing and Security Agreement (DPSA)

Download
フォーカスモード
フォントサイズ
最終更新日: 2026-07-15 17:59:16
This Data Processing and Security Agreement ("DPSA") forms part of, and is supplemental to, the agreement between the Customer and Tencent Cloud International Pte. Ltd. ("TCI", "we", "us") for the provision of the Tencent Cloud ClawPro service ("ClawPro" or the "Service") made available via the Tencent Cloud International platform at https://www.tencentcloud.com/ (the "Principal Agreement"). This DPSA governs the processing by TCI, as the processor, of Customer Personal Data in connection with the Service.
This DPSA applies specifically to Tencent Cloud ClawPro. Because ClawPro is an agentic AI product that does not fall within any standard Tencent Cloud product category, this DPSA is a standalone, product-specific processing agreement and operates in addition to (and, in respect of ClawPro, prevails over) the Tencent Cloud International umbrella DPSA to the extent of any conflict.
Relationship to the umbrella structure: Tencent Cloud International adopts a hybrid model in which an umbrella privacy policy(TCI as controller) and an umbrella DPSA (TCI as processor) cover products generally, supplemented by category-specific documents. As ClawPro cannot be assigned to a product category, this DPSA — together with the ClawPro Privacy Policy — constitutes the ClawPro-specific privacy documents.

1. Definitions

1.1 Terms not defined here have the meaning given in the Principal Agreement or, where applicable, in the relevant Data Protection Laws.
1.2  "BYOK" means the bring-your-own-key model under which the Customer selects and supplies the large language model ("LLM") and associated API keys used with the Service.
1.3  "Customer Content" means the prompts, queries, conversation history, uploaded files and documents used for agent context, AI-generated Outputs, instant-messaging content exchanged through integrated channels, vector embeddings of Customer content, and the Customer's configuration settings, that are submitted to or generated through the Service and stored on the Customer's own Cloud Virtual Machine (CVM) instance.
1.4 "Customer Personal Data" means any personal data contained within the Customer Content that TCI processes on behalf of the Customer under this DPSA, as further described in Annex A.
1.5  "Data Protection Laws" means all data protection and privacy laws applicable to the processing of Customer Personal Data under this DPSA, including in the launch jurisdictions the Singapore Personal Data Protection Act 2012, the Hong Kong Personal Data (Privacy) Ordinance, the Thailand Personal Data Protection Act B.E. 2562, and Indonesia Law No. 27 of 2022 on Personal Data Protection.
1.6  "Controller", "Processor", "Data Subject", "Personal Data Breach" and "Sub-processor" have the meanings given under the applicable Data Protection Laws.
1.7 "PRC" means the mainland of the People's Republic of China, and for the purposes of this agreement, excluding Hong Kong and Macau Special Administrative Regions and Taiwan region.
1.8 "SCCs" means the standard contractual clauses approved or recognised by the competent data protection authority as lawful safeguards for the international transfer of personal data.
1.9  "User" means an administrator or authorised end user of the Customer.

2. Roles of the Parties

2.1  The parties acknowledge that, in respect of Customer Personal Data contained in Customer Content (namely Inputs and Outputs, and Configuration Information as described in Annex A), the Customer is the Controller and TCI is the Processor acting on the Customer's behalf and on its documented instructions.
2.2  This DPSA does not apply to personal data for which TCI acts as the controller (including account and identity data, payment data, billing and consumption data, diagnostic and usage data and compliance records). TCI's processing of such data as the controller is described in the ClawPro Privacy Policy.
2.3  The Customer represents and warrants that it has provided all required notices to and obtained all required consent from its Users or has established other valid lawful basis under the applicable Data Protection Law in respect of the processing of the Customer Personal Data, including transferring the Customer Personal Data to TCI for the processing.

3. Scope and Instructions

3.1  TCI shall process Customer Personal Data only: (a) to provide and operate the Service in accordance with the Principal Agreement; (b) on the Customer's documented instructions, which include the Principal Agreement, this DPSA, as well as any instructions provided via the Customer's admin console, including with regard to transfers. TCI shall notify the Customer promptly if it is unable to comply with this DPSA or any documented instructions given by the Customer.
3.2  The subject matter, duration, nature and purpose of the processing, the types of Customer Personal Data, and the categories of Data Subjects are set out in Annex A.
3.3  BYOK and forwarding only: The Customer acknowledges that the Service operates on a BYOK basis. ClawPro forwards Customer Content to the Customer-selected LLM providers for inference and returns the Outputs to the Customer. ClawPro does not itself determine which LLM is used.
3.4  No model training. TCI shall not use Customer Personal Data to train, fine-tune or improve any AI or machine-learning model. The Customer confirms that model selection and use are determined by the Customer.
3.5  TCI shall inform the Customer if, in its opinion, an instruction infringes applicable Data Protection Laws.

4. Confidentiality

4.1  TCI shall ensure that persons authorised to process Customer Personal Data are subject to appropriate confidentiality obligations and are subject to review, and that access to Customer Personal Data is strictly limited to personnel who require it to provide the Service.

5. Security Measures

5.1  Taking into account the state of the art, the costs of implementation, and the nature, scope, context and purposes of processing, TCI shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk. These measures are set out in Annex B.
5.2  The Customer is responsible for its own configuration and use of the Service, including management of member permissions via the admin console, control of access rights to the Customer Content stored on its CVM, selection of LLM providers, Skills and connectors, and the security of the API keys it supplies.

6. Sub-processing and Third Parties

6.1  The Customer provides a general authorisation for TCI to engage Sub-processors to support the provision of the Service. TCI shall impose data protection obligations on such Sub-processors that are no less protective than those in this DPSA, by way of data processing agreements and commitment letters, and shall remain liable for their performance.
6.2  Customer-selected third parties. The Customer and its Users may select and authorise third-party LLM providers (via BYOK), Skills, MCP connectors, and IM platforms (Slack, WhatsApp, Microsoft Teams, Discord, Lark). Such third parties act as independent controllers or independent processors engaged by the Customer, and process Customer Content under their own terms and privacy policies. They are not Sub-processors of TCI, and TCI is not responsible for their processing.
6.3  TCI shall inform the Customer of any intended addition or replacement of Sub-processors, giving the Customer the opportunity to object on reasonable data-protection grounds.

7. International Transfers and Remote Access

7.1  Customer Personal Data is stored on the Customer's CVM instance within the launch regions: Singapore, Hong Kong, Thailand and Indonesia.
7.2  TCI's first-line troubleshooting is provided by its customer support team in the launch regions. The PRC-based R&D team is engaged only for complex technical issues, and where remote access is necessary, only the limited Customer Personal Data required for troubleshooting is accessed. There is no transfer of Customer Personal Data to the PRC, save for such limited remote access strictly necessary for troubleshooting.
7.3  Where any transfer to or remote access of Customer Personal Data from a third country outside the jurisdiction where the Customer is located occurs, it is carried out in reliance on Tencent Cloud International's intra-group data transfer agreement incorporating the applicable SCCs and supported by transfer impact assessments and other appropriate safeguards required under applicable Data Protection Laws.

8. Assistance to the Customer

8.1  Taking into account the nature of the processing, TCI shall assist the Customer by taking appropriate technical and organisational measures, insofar as possible, in fulfilling the Customer's obligations to respond to requests from Data Subjects exercising their rights. The Service provides self-service tools: Users may access, copy, correct, delete, deregister or withdraw consent via the user console, and enterprise administrators may perform member and configuration management via the admin console.
8.2  TCI shall assist the Customer in ensuring compliance with its security, breach-notification, and, where applicable, data protection impact assessment obligations, taking into account the information available to TCI.

9. Personal Data Breach

9.1  TCI shall notify the Customer without undue delay after becoming aware of a Personal Data Breach affecting Customer Personal Data, and shall provide the Customer with sufficient information to enable the Customer to meet any obligations to report or notify the breach under applicable Data Protection Laws.
9.2  TCI maintains early-warning mechanisms and incident response plans, and shall take reasonable steps to mitigate the effects of, and to minimise any damage resulting from, a Personal Data Breach.

10. Retention, Return and Deletion

10.1  Instance-based storage: Customer Content, including any Customer Personal Data, is stored on the Customer's own CVM instance and is managed and controlled by the Customer. Retention is measured by reference to the CVM instance, not the Customer account. So long as an instance remains active (or has not been deleted), the Customer Content on it is retained; retention periods end from the point at which the relevant instance is deleted or otherwise ceases to exist. Once the Customer deletes the instance, all such data is permanently erased and cannot be recovered, and no automatic backup is performed.
10.2  Relationship between instances and account: Because Customer Content resides on the Customer's instances, the Customer cannot delete its account while an instance remains active. The Customer must first delete (or allow the expiry of) its instances; account deletion is then consequent upon, and subsequent to, deletion of the underlying instances. The periods set out in the table below are maximum retention periods (i.e. Customer Personal Data is retained for no longer than the stated period); it may be deleted sooner where it is no longer required.
Category of Customer Personal Data
Retention Period
Inputs and Outputs — prompts/queries to AI agents, AI-generated responses, conversation history, uploaded documents for agent context, vector embeddings of user content, IM account identifiers, and IM message content.
Retained on the Customer's CVM instance within 1 year after the account/service is terminated.
Configuration Information — AI model configuration (selected model name, provider, version, API key), channel configuration (channel type, API key, enable/disable status, webhook URL, channel name/ID), and Skill configuration (enabled skill, version).
Retained on the Customer's CVM instance within 1 year after the account/service is terminated.
10.3  On termination of the Service, TCI shall, at the Customer's choice, delete or return the Customer Personal Data in TCI's possession, and delete existing copies unless applicable law requires continued storage. As the Customer controls the CVM instance and retention is instance-based, deletion of the relevant instance by the Customer effects permanent erasure of the Customer Content stored on it.

11. Audit

11.1  TCI shall make available to the Customerinformation reasonably necessary to demonstrate compliance with this DPSA and shall allow for and contribute to audits, including inspections, conducted by the Customer or an auditor mandated by the Customer, subject to reasonable notice and frequency, confidentiality obligations, andTCI's security and operational requirements.

12. Agentic AI Safeguards

The parties acknowledge the following product-level safeguards implemented in ClawPro that are relevant to the processing of Customer Personal Data:
high-risk action controls:  ClawProimplements measures to prevent disclosure of sensitive credentials (API keys, access tokens, secrets), agent permission management and tool access control, runtime execution restrictions, audit logging and activity tracking, and optional approval workflows for high-risk actions;
scope limitation:  the agent operates within the Customer's CVM environment and does not access desktop files. It cannot write to or modify data outside the scope of the User's request;
prohibited actions:  prohibited actions (including illegal or unlawful activities) are blocked through User-prompt filtering, and the User is informed accordingly;
kill switch:  enterprise administrators can delete agents, immediately halting agent activity; and
AIGC labelling:  explicit and implicit labels are added to AI-generated content.

13. General

13.1  In the event of any conflict between this DPSA and the Principal Agreement or the umbrella DPSA in relation to the processing of Customer Personal Data for ClawPro, this DPSA prevails.
13.2  This DPSA is governed by the law and subject to the jurisdiction specified in the Principal Agreement, except to the extent that Data Protection Laws require otherwise.

Annex A — Description of Processing

Subject matter and duration

Processing of Customer Personal Data contained in Customer Content for the purpose of providing the ClawPro AI agent management service, for the duration of the Principal Agreement and the retention periods set out in Section 10.

Nature and purpose of processing

To operate and provide the ClawPro AI agent features to the Customer, to provide IM channel integration services, and to forward Customer Content to the Customer-selected LLM providers for inference and return the Outputs— all on the Customer's instructions. ClawPro forwards but does not itself substantively process Customer Content, and does not use it for model training.

Categories of Data Subjects

The Customer's Users and any other individuals to whom the Customer Personal Data relates.

Types of Customer Personal Data

AI agent usage information:  selected AI model, channel configuration, skill configuration, conversation frequency, and AI agent creation/deletion records.
Inputs and Outputs:  user prompts/queries to AI agents, AI-generated responses, conversation history, uploaded documents used for agent context, vector embeddings of user content, and any other personal data contained in the content of the Inputs and Outputs.
IM channel information:  IM platform user unique identifier and message content sent through IM channels.
Configuration information:  AI model configuration (model name, provider, version, API key), channel configuration (type, API key, enable/disable status, webhook URL, channel name/ID), and Skill configuration (enabled skill, version).

Storage location

The Customer's own CVM instance within Singapore, Hong Kong, Thailand and Indonesia.

Annex B — Technical and Organisational Security Measures

ClawPro adopts the following technical and organisational measures:

Technical Measures

Transfer security: all data is transmitted over HTTPS/TLS encrypted channels.
Storage security: data is stored on Tencent Cloud CVM within the launch-region data centres, using a multi-tenant network isolation architecture where each enterprise's AI assistant runs on an isolated cloud server instance.
Access control: firewalls, port stealth, access control measures, and security-group (inbound/outbound network rule) configuration.
Four-layer AI defence-in-depth: security auditing, permission control, network isolation, and sensitive-content detection.
AIGC labelling: explicit and implicit labels are added to generated content.

Organisational Measures

Dedicated information-security management systems, processes and teams are established.
Personnel access to information is strictly limited; TCI staff are bound by confidentiality obligations and subject to review.
Regular information-security education and training for relevant TCI personnel.
Early-warning mechanisms and emergency response plans are in place; in the event of a breach, the response plan is activated and reporting/notification obligations are fulfilled per law.

Access Rights Management

Identity authentication via the Tencent Unified Identity platform.
Enterprise administrators manage member permissions and perform operation traceability (management operation logs) via the admin console.
Customer Content is stored on the enterprise's own CVM, with access rights controlled by the Customer itself.

Third-Party Variations

Third-party LLM providers (e.g. DeepSeek, Tencent Hunyuan) act as independent data processors/controllers and handle data per their own privacy policies or the Customer's instructions to them; IM platforms process data per their respective privacy policies. TCI requires third parties engaged by it to comply with equivalent data-protection requirements via data processing agreements and commitment letters.

ヘルプとサポート

この記事はお役に立ちましたか?

フィードバック