Q
QuelyxAI Intake OS for Freight Ops

Legal

Data Processing Addendum (DPA)

This DPA describes how Quelyx processes and protects Customer Data when providing the Quelyx services.

1. Purpose & Scope

Quelyx processes freight documents (including but not limited to Bills of Lading, Invoices, Packing Lists, and related emails) solely to provide its AI-powered document intake and workflow automation services (“Services”). Quelyx will not process Customer Data for any purpose other than delivering the Services.

2. Data Ownership

The Customer retains full ownership and control of all documents, emails, metadata, and extracted fields (“Customer Data”). Quelyx obtains no rights to Customer Data except the limited right to process it as necessary to provide the Services to the Customer.

3. No Training on Customer Data

Quelyx does not use Customer Data to train, fine-tune, or improve any AI models. All AI processing occurs via enterprise-grade inference systems that do not retain or learn from Customer Data.

4. Data Storage & Security

Quelyx implements industry-standard technical and organizational measures to protect Customer Data, including:

  • Encrypted storage of documents and metadata.
  • Encrypted data-in-transit (TLS 1.2+).
  • Access logging for document and data access.
  • Role-based access controls for authorized users.
  • Document deletion on demand at the Customer’s request.

5. Sub-Processors

Quelyx may use secure infrastructure providers (such as cloud hosting and AI inference providers) to deliver the Services. Such sub-processors are bound by obligations consistent with this DPA and are not permitted to train on or retain Customer Data beyond what is necessary to provide their infrastructure services.

6. Confidentiality

Quelyx treats all Customer Data as confidential. Quelyx personnel access Customer Data only when necessary to provide support, resolve issues, or improve extraction quality for the Customer and are subject to confidentiality obligations.

7. Data Isolation (Optional)

Upon request, Quelyx can provision a logically isolated tenant for the Customer, including separate database collections and storage namespaces, to increase data isolation and privacy.

8. Data Retention & Deletion

Customer Data is retained only as long as the Customer account is active or as required to deliver the Services. The Customer may request deletion of specific documents, document batches, or all Customer Data. Quelyx will fulfill deletion requests within seven (7) days, unless a different period is mutually agreed in writing.

9. Breach Notification

In the event of a confirmed unauthorized access to Customer Data, Quelyx will notify the Customer without undue delay and, in any case, within seventy-two (72) hours after becoming aware of the incident. Quelyx will provide details of the incident, its impact, and remediation actions taken.

10. Governing Law

This DPA is governed by the same law and jurisdiction as the main agreement between the Customer and Quelyx.

For a signed copy of this DPA or to discuss custom data-processing requirements, contact us at security@quelyx.com.