Legal

Automated decisions and human oversight

Ultron runs autonomous agents that plan and act. When an agent does something that reaches outside your workspace or carries real consequence, the platform is built to put a human in control of the moment that matters. This page documents where automated processing happens, the design of the human approval gate, how that design supports your obligations under Article 22 of the GDPR, and the division of responsibility between you as controller and Ultron as processor. It is written to be relied on by a data protection officer assessing the platform.

Updated today

Overview

At a glance
Autonomous planning
Yes, drafting and planning run automatically
Consequential actions
Routed through a human approval gate
Solely automated significant decisions
Not made without a route to human intervention
Human intervention
Available at every point in a run
Legal basis frame
GDPR Article 22 and Articles 13 to 15
Audit trail
Every agent action logged with actor, action, target, time
Contact
privacy@51ultron.com

Autonomy is the product. Autonomy without oversight is a liability. The platform resolves that tension by drawing a hard line between thinking and acting. Reasoning, drafting, planning, retrieval, and rendering run automatically because they are reversible and never leave your workspace. Actions with external effect are treated as decisions: they are surfaced for a human choice rather than executed silently. This page explains exactly where that line sits and what it means for compliance.

Definitions

TermMeaning
Automated decisionA decision reached by automated processing without meaningful human involvement in the decision itself
Solely automatedMade with no meaningful human assessment that can influence the outcome. A rubber-stamp is not meaningful involvement
ProfilingAutomated processing of personal data to evaluate, analyse, or predict aspects of a person
Significant effectA legal effect on a person, or a similarly significant effect, such as a hiring, credit, or access decision
Approval gateThe human-in-the-loop checkpoint that pauses a run before an action with external effect executes
External effectAn action that changes something outside your workspace or contacts a third party
Controller and processorAs defined in the GDPR. You are typically the controller; Ultron is your processor

Two classes of activity

Every agent step falls into one of two classes, handled differently by design.

ClassExamplesHow it runs
Reversible, in-workspaceDrafting copy, building a plan, analysing data, retrieving from memory, rendering a canvas, scoring optionsRuns automatically. Nothing leaves your workspace and anything can be discarded
External or consequentialSending email, posting content, spending budget, writing to a connected system, contacting a third party, triggering an irreversible operationSurfaced through the approval gate and held until a human decides

The classification is by effect, not by how confident the model is. A high-confidence draft of an outreach email is still only a draft until a human releases it. The model's certainty never substitutes for the human decision on a step that leaves the building.

The approval gate

How it works

The human-in-the-loop approval gate is a first-class primitive in the platform, not a setting bolted on top. When an agent reaches a step that would have external effect, the run pauses, the proposed action is surfaced with its inputs and intended target, and it waits for an explicit decision. You approve, edit then approve, or reject. The technical mechanism of the pause, the persistence of the pause point, and how a run resumes are documented in the product docs under Human in the loop and Resume and approvals.

Run states at the gate

StateMeaning
ProposedThe agent has prepared an action with external effect and paused
Awaiting decisionThe action is shown to you and held; nothing has executed
ApprovedYou released the action; it executes and is logged
Edited and approvedYou changed the inputs, then released the edited action
RejectedYou declined; the action does not execute and the agent re-plans or stops
Tip
Enterprise workspaces can widen the set of actions that stop at the gate, so even more steps require a human before they run. To configure the gate for your account, contact privacy@51ultron.com.

Actions that require approval

The default classes of action that stop at the gate before executing.

Action classExampleDefault
Outbound communicationSending an email, posting to a channel, messaging a contactHeld for approval
SpendIncurring a cost, placing an order, committing budgetHeld for approval
PublishingPosting content to a public surface or a connected destinationHeld for approval
External writesCreating or changing a record in a connected third-party systemHeld for approval
Irreversible operationsDeleting external data, actions that cannot be undoneHeld for approval
In-workspace workDrafting, planning, analysis, retrieval, renderingRuns automatically

GDPR Article 22

The right

Article 22(1) of the GDPR gives a person the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects concerning them or similarly significantly affects them. The right is engaged only where a decision is both solely automated and significant in effect.

How the platform supports it

The platform is designed so that an action with external effect does not execute on a solely automated basis: the approval gate inserts a meaningful human decision before the action runs, and that decision can change or stop the outcome. Used as designed, the consequential step is not solely automated, because a human assessment capable of influencing the outcome sits in front of it.

The exceptions and the safeguards

Article 22(2) permits solely automated significant decisions only where they are necessary for a contract, authorised by law, or based on explicit consent. Even then, Article 22(3) requires safeguards: at least the right to obtain human intervention, to express a point of view, and to contest the decision. If you choose to automate a significant decision end to end, you must rely on a valid exception and provide those safeguards to the affected person. The platform gives you the controls; the basis and the safeguards are your responsibility as controller.

Information about the logic

Articles 13(2)(f), 14(2)(g), and 15(1)(h) of the GDPR require that, where solely automated decision-making under Article 22 takes place, the controller provides meaningful information about the logic involved and the significance and envisaged consequences for the person. For workflows you build on Ultron, you are the controller and must provide that information. To help you, the platform records what inputs an agent used, what action it proposed, and the outcome, so you can describe the logic of a given decision in meaningful, non-technical terms to a person who asks.

Roles and responsibility

When you use Ultron to process the personal data of other people, you are the controller and Ultron is your processor under the Data Processing Addendum. You decide the purpose of a workflow and whether to automate a step end to end. You are responsible for the lawfulness of any decision you make with the agent's output, for relying on a valid Article 22 exception where you automate a significant decision, and for providing the required safeguards and information to the affected person. Ultron provides the oversight controls, the approval gate, and the audit trail that let you meet those duties.

Human intervention and contest

At any point in a run you can pause the agent, take over a step, edit a proposed action, or reject it before it executes. These are the means by which a human assessment enters the loop. Where you operate a workflow that affects other people, you should provide those people with a route to obtain human intervention, express a point of view, and contest a decision, as Article 22(3) requires. Data subjects whose personal data you process through Ultron should direct such requests to you as the controller; if a request reaches Ultron, it is forwarded to you as described in the Data Processing Addendum.

Reversal and remediation

Reversibility is the reason the gate sits where it does. Before an action executes, rejecting it leaves no external trace. After an action has executed, reversibility depends on the action: some can be undone, some cannot, which is why irreversible operations are held at the gate by default. If an action ran and you believe it was taken in error, contact us and a person will review the audit trail with you and help remediate where remediation is technically possible. We cannot unsend a delivered email, but we can help you understand exactly what happened and stop a pattern from repeating.

Audit trail

Every action an agent takes is recorded with the actor, the action, the target, and a timestamp, and is tied to a request id you can quote when you contact support. Proposed actions, approvals, edits, and rejections are recorded so the decision history of a run is reconstructable. Background jobs and tool calls are visible in the Background Jobs surface. The logging and monitoring controls behind this, including who can read the logs and how long they are kept, are documented on the Security page and the Privacy Policy.

Our own automated processing

Separately from the agents you run, Ultron applies automated processing to operate the service, for example anti-abuse and fraud signals on accounts. As stated in the Privacy Policy, we do not make decisions that produce legal effects on users solely by automated means: where an automated signal contributes to an account action that materially affects a user, a human reviews the outcome before the action is taken. For that processing Ultron is the controller and the Privacy Policy governs.

Relationship to the AI Act

The oversight design on this page also supports the human-oversight expectations of the EU AI Act for the uses to which it applies. Where your use of an agent falls into a high-risk category under the Act, additional obligations attach to you. Our reading of how the AI Act applies to the platform, and where your duties begin, is on the EU AI Act posture page.

Contact

Questions about automated processing, the approval gate, or Article 22 go to privacy@51ultron.com. The contractual framing of Ultron as your processor is in the Data Processing Addendum, and our own controller-side processing is in the Privacy Policy.