Data Processing Agreement

This Data Processing Agreement (“DPA”) forms part of the Terms of Service between Forged Apps LLC (“Processor”, “we”, “us”, or “our”) and the Customer (“Controller”, “you”, or “your”) and reflects the parties’ agreement with regard to the Processing of Personal Data.

1. Definitions

“GDPR” means the General Data Protection Regulation (EU) 2016/679
“Personal Data” means any information relating to an identified or identifiable natural person
“Processing” means any operation performed on Personal Data
“Data Subject” means the individual to whom Personal Data relates
“Sub-processor” means any Processor engaged by Forged Apps LLC

2. Processing of Personal Data

2.1 Roles of the Parties

The Customer is the Controller of Personal Data
Forged Apps LLC is the Processor of Personal Data
We process Personal Data only on your documented instructions

2.2 Details of Processing

Nature and Purpose of Processing:

Providing Forge app functionality within Atlassian products
Customer support services
Payment processing
Anonymous product analytics

Types of Personal Data:

User identification data (Atlassian account information)
Usage data
Payment information (processed through Stripe)
Support communication data

Categories of Data Subjects:

Customer’s authorized users
Customer’s end users
Customer’s employees or contractors

3. Obligations of the Processor

3.1 Security Measures

We implement appropriate technical and organizational measures including:

Data encryption in transit and at rest
Access control and authentication
Regular security assessments
Secure development practices
Infrastructure security monitoring

3.2 Confidentiality

All personnel are bound by confidentiality obligations
Access to Personal Data is strictly limited to authorized personnel
Regular training on data protection and security

3.3 Sub-processors

We use the following sub-processors:

Atlassian (Forge platform infrastructure)
Stripe (payment processing)
Brevo (customer support)
PostHog (anonymous analytics)

We will:

Inform you of any intended changes concerning sub-processors
Give you the opportunity to object to such changes
Ensure sub-processors provide sufficient guarantees of GDPR compliance

3.4 Data Subject Rights

We will:

Assist you in responding to Data Subject requests
Implement appropriate technical measures to support Data Subject rights
Notify you of any direct requests from Data Subjects

3.5 Personal Data Breach

We will:

Notify you without undue delay of any Personal Data breach
Provide detailed information about the breach
Assist in meeting breach notification obligations

3.6 Data Protection Impact Assessment

We will:

Assist you in carrying out Data Protection Impact Assessments
Provide necessary information for prior consultations with supervisory authorities

4. Return or Deletion of Data

Upon termination of services, we will:

Delete or return all Personal Data as requested
Delete existing copies unless legally required to retain them
Provide certification of deletion upon request

5. Audit Rights

We will:

Make available all information necessary to demonstrate compliance
Allow for and contribute to audits and inspections
Immediately inform you if an instruction infringes GDPR

6. Data Transfers

We will:

Process Personal Data only in countries with adequate data protection
Implement appropriate safeguards for any international transfers
Comply with EU Standard Contractual Clauses where applicable

7. Term and Termination

This DPA:

Commences with the acceptance of our Terms of Service
Remains in effect until all Personal Data is deleted
Survives termination of the main agreement regarding existing Personal Data

Contact Information

For privacy-related inquiries:

Email: [email protected]
Response Time: Within 24 hours

Last Updated: March 25, 2024