Last updated: 17 July 2026. Draft — subject to legal review.
This Data Processing Addendum ("DPA") forms part of the agreement between the customer ("Controller") and DeployBeat ("Processor") and applies where DeployBeat processes personal data on the Controller's behalf.
The Controller determines the purposes and means of processing; DeployBeat acts solely as Processor and processes personal data only on the Controller's documented instructions.
Processing consists of receiving Git event metadata, linking it to Jira issues, and computing delivery (DORA) metrics, for the duration of the app's installation.
Data: Git event metadata (commit, branch, merge-request and deployment references and URLs), Jira issue and project keys, and commit author name. Data subjects: the Controller's developers referenced in that Git and Jira activity.
DeployBeat will: process only on documented instructions; keep personnel bound by confidentiality; implement the measures in our Security Overview; assist with data-subject requests and breach obligations; and make available information needed to demonstrate compliance.
The Controller authorizes the sub-processors in our Privacy Policy (Atlassian, Railway, Cloudflare), under equivalent data-protection obligations.
Where personal data of individuals in the EEA, UK or Switzerland is transferred to a country without an adequacy decision, the parties incorporate the European Commission's Standard Contractual Clauses (Implementing Decision (EU) 2021/914), controller-to-processor module. Equivalent UK and Swiss mechanisms apply where relevant.
On uninstall or written request, DeployBeat deletes the Controller's personal data; uninstall triggers automatic erasure.