GDPR compliance

1. Terminology

Easy Software is the provider of the Easy8.ai service, which helps organisations design and implement AI‑driven automation. The following definitions apply to this document:

• Data Controller – the entity that determines the purposes, conditions and means of the processing of personal data. For the purpose of this document, it is your organisation.

• Data Processor – the entity that processes data on behalf of the Data Controller. When Easy Software processes personal data in the course of delivering automation services via Easy8, it does so strictly according to the Data Controller’s instructions and acts as the Data Processor.

Easy8.ai is a service, not a stand‑alone software product. It may or may not be used to process personal data, depending on the data which are subject of automations and integrations you choose to build.

 2. Introduction

Easy Software, as the provider of Easy8.ai integration and automation services, follows EU regulations and so helping Data Controllers to fulfil their obligations arising out of the General Data Protection Regulation (GDPR). This document provides general information concerning Easy Software acting as a Data Processor when personal data are handled as part of our automation services. As a company headquartered in the European Union, Easy Software will ensure that all processes, contracts, suppliers, data access and other arrangements are fully compliant with GDPR requirements.

This document is purely informational and does not include any binding provisions. Data Controller is expected to enter into Data protection Agreement with Easy Software as Data Processor.

 3. Easy8.ai for all Data Controllers

Delivering Easy8.ai services, we follow demands of GDPR and your information security:

• Extended password and authentication policy – all tools used for Easy8.ai and internal systems of Easy Software enforcing minimum password length, the use of uppercase and lowercase letters, numbers and special characters, setting password expiration and repetition limits, and automatically logging users off after inactivity. Where possible we use two‑factor authentication and strict session management.

• Minimal Access: We always navigate Easy*.ai projects to use minimal-possible permission level to client’s information system, use dedicated users for automation and use maximum available authentication protection. Our tools allows us to develop integrations and automation s against client’s test environment to avoid impact on production systems during development and testing.

• Data Storing alerts – In most of the workflows, data are not stored at rest. If so, such nodes or workflow steps are clearly identified during development and validated with client for security and GDPR compliance. Similarity.

• Visual data trackability: If personal data are subject of delivered workflows and integrations, it is clearly tracked in visual form how the data are processed. It is also clearly trackable whether personal data interacts with connected AI language models if any.

• Limited data visibility –Our tools allow us to develop integrations and automation s against client’s test environment to avoid impact on production systems during development and testing. And switch them easy and well managed to production. 

 4. How to use Easy8.ai in line with GDPR

• Identify what personal data you handle within your automations – such as user profiles or contacts in your workflows.

• Define who needs access – verify your workflow scenario with this principle.

• Enforce strong passwords, 2FA and regular password rotation. Create accounts for integration access.

• Establish internal procedures for personal data deletion and determine how long audit logs should be retained.