1. Purpose
DEX Agent exists to enable secure, intelligent, and autonomous communication between humans, enterprise systems, and AI-driven business workflows across messaging channels such as RCS, chat, voice, APIs, and event-driven integrations. It is designed to operate inside the deterministic policy boundary of the DataInbox runtime, so that every communication action is governed, auditable, and aligned with the operator's business rules.
2. Data Collection
DEX Agent may process communication metadata and message content necessary to:
- Route messages between connected services.
- Validate business instructions and message integrity.
- Trigger automated workflows and enterprise actions.
- Maintain operational logging for security and auditability.
- Support troubleshooting, incident response, and service improvement.
DEX Agent only processes the data required to execute intended communication workflows. It does not collect data for advertising, profiling outside of the operator's context, or resale.
3. Data Privacy and Ownership
Data processed by DEX Agent remains under the governance of the organization operating the DataInbox infrastructure. DataInbox does not claim ownership over customer data processed within deployed environments. Where DataInbox processes personal data on behalf of a customer, it acts as a processor under the customer's instructions, in line with GDPR and applicable data protection law. Data residency and deployment model (SaaS EU or US, private cloud, self-hosted, air-gapped) are selected by the operating organization.
4. Security Principles
DEX Agent operates under enterprise-grade security principles including:
- Controlled API authentication and key rotation.
- Validation of incoming communication requests.
- Runtime policy enforcement through a deterministic engine.
- Secure, encrypted message routing between authorized systems.
- Tenant isolation and role-based access control.
- Immutable, hash-chained audit logging of communication actions and decisions.
5. AI and Automated Decisions
DEX Agent may use AI models to interpret messages, classify intent, trigger workflows, and automate communication responses. Language models propose actions, the DataInbox policy engine enforces them. The operating organization remains responsible for defining business rules, approval boundaries, escalation paths, and the disclosures shown to end users about interaction with an automated system, as required by the EU AI Act and consumer protection rules.
6. Acceptable Use
Users may not use DEX Agent for:
- Spam or unsolicited messaging.
- Fraudulent communication activity, including phishing and impersonation.
- Unauthorized access attempts or evasion of rate limits and consent rules.
- Harmful, illegal, abusive, or harassing messaging behavior.
- Disinformation campaigns or large-scale automated manipulation.
- Violations of communication platform provider policies (RCS, SMS, voice, chat).
7. Third-Party Integrations
DEX Agent may connect to third-party communication providers, language model providers, APIs, CRM and helpdesk systems, and infrastructure services. Those providers may apply their own service terms, privacy notices, and compliance requirements. The operating organization is responsible for reviewing and accepting those terms where relevant. DataInbox selects providers that support the platform's security and governance posture.
8. Data Retention
Communication metadata, message content, and audit records are retained for the period required by the operator's business workflows, regulatory obligations, and contractual commitments. Retention windows are configurable per workspace. On termination, data is handled according to the executed service agreement, including export and deletion timelines.
9. Enterprise Ownership
DEX Agent is a native component of the DataInbox programmable messaging infrastructure and serves as a reference implementation for enterprise autonomous communication systems. All rights in the agent, models, prompts, and orchestration logic remain with DataInbox and its licensors. Operating organizations retain ownership of their content, configurations, and business data.
10. Your Rights and Contact
Individuals whose personal data is processed by an operator using DEX Agent can exercise data subject rights (access, rectification, erasure, restriction, portability, objection) by contacting the operating organization, which acts as the data controller. Questions about the platform itself can be directed to DataInbox.
11. Policy Updates
This policy may be updated as services, integrations, security standards, and platform capabilities evolve. Material changes will be communicated through the DataInbox website or in-product notifications. The Effective Date at the top of this page reflects the latest revision.

