Data Processing Agreement
Last updated: April 6, 2025
This Data Processing Agreement (the “Agreement”) is entered into by and between: JetHeads (“Data Processor”, “we”, “our”, “us”) and App Customer (“Data Controller”, “you”, “your”).
1. Background and Purpose
1.1 Purpose of Agreement
This Agreement outlines the terms and conditions under which JetHeads, as the Data Processor, will process personal data on behalf of the Data Controller, in connection with the use of the JetHeads apps (the “App”).
1.2 Scope of Data Processing
JetHeads processes data solely for the purpose of providing the App’s functionality, including monitoring app performance and ensuring stability.
2. Definitions
2.1 Personal Data
For the purposes of this Agreement, “Personal Data” means any information that relates to an identified or identifiable individual, as defined under the GDPR.
2.2 Processing
“Processing” refers to any operation or set of operations performed on Personal Data, including collection, storage, retrieval, and modification.
2.3 Data Subject
The “Data Subject” is an identified or identifiable individual whose Personal Data is processed by JetHeads under the terms of this Agreement.
3. Data Processor’s Obligations
3.1 Processing Data on Behalf of the Data Controller
JetHeads will only process Personal Data for the purposes defined by the Data Controller and in accordance with this Agreement. JetHeads will not process the Personal Data for any other purpose without the express written consent of the Data Controller.
3.2 Confidentiality and Security
JetHeads agrees to maintain the confidentiality and security of the Personal Data and to implement appropriate technical and organizational measures to ensure that Personal Data is protected against unauthorized or unlawful processing, accidental loss, destruction, or damage.
3.3 Log Collection and Monitoring
JetHeads will collect anonymous, non-personal logs (e.g., app performance metrics, error logs) for internal purposes such as app performance monitoring and error resolution. These logs do not contain Personal Data and are processed in compliance with applicable data protection standards.
4. Data Controller’s Obligations
4.1 Data Ownership
The Data Controller is the owner of the Personal Data processed through the App. The Data Controller is responsible for obtaining any necessary consents from Data Subjects, ensuring that the Personal Data provided to JetHeads is lawful under applicable data protection laws, and ensuring that any instructions to JetHeads for the processing of such data comply with GDPR and other applicable laws.
4.2 Access to Data
The Data Controller can review and disable the collection of logs via the Atlassian App Management settings at any time. The Data Controller retains full control over their data and its exposure.
5. Sub-Processors
5.1 Use of Sub-Processors
JetHeads may use third-party sub-processors (such as Atlassian’s Forge platform) to process Personal Data on behalf of the Data Controller. The sub-processors will only process the data under JetHeads’ instructions and subject to the same data protection obligations set forth in this Agreement.
5.2 Sub-Processor List
The sub-processors currently used by JetHeads include Atlassian, which operates the Forge infrastructure that runs the JetHeads apps. Any changes to the list of sub-processors will be communicated to the Data Controller in advance.
6. Security Measures
6.1 Data Security
JetHeads agrees to implement appropriate physical, technical, and organizational measures to protect the Personal Data from unauthorized access, disclosure, alteration, and destruction.
6.2 Forge Infrastructure
JetHeads’ app runs entirely on Atlassian’s secure infrastructure (Forge). As such, data processing and storage are done within the boundaries of Atlassian’s security protocols and are fully managed and controlled by Atlassian with no access by JetHeads.
7. Data Retention and Deletion
7.1 Retention Period
JetHeads does not store or control the Personal Data processed by JetHeads apps. All data is stored within Atlassian’s secure infrastructure and managed in accordance with Atlassian’s retention policies.
7.2 Data Deletion and Other Requests
Since JetHeads does not have access to the Personal Data, all requests for data deletion, access, correction, or any other data subject requests should be handled directly by Atlassian. The Data Controller may submit these requests via the Atlassian support or management interface, where Atlassian will ensure compliance with relevant data protection laws and perform the necessary actions in accordance with the Data Controller’s instructions.
8. Liability
JetHeads shall not be held liable for any data breaches, violations of GDPR, or other data protection laws arising from actions or omissions by the Data Controller, Atlassian, or any third parties involved in the data processing. The responsibility for ensuring compliance with data protection laws, including the proper handling of Personal Data, lies solely with the Data Controller and Atlassian.
9. Termination
9.1 Termination of Agreement
This Agreement will remain in effect until the termination of the JetHeads App or the Data Controller’s use of the App. Upon termination, JetHeads does not have access to or control over Personal Data. Therefore, any actions related to the deletion, anonymization, or retention of Personal Data must be handled by the Data Controller through Atlassian’s platform and processes, in accordance with Atlassian’s policies and procedures.