Data Processing Addendum (DPA)

Last updated - 30th June 2025

This Data Processing Addendum (“DPA”) is entered into by and between Customer (“Controller”) and Amoeboids Technologies Pvt Ltd (“Processor” or “Amoeboids”), and forms part of the Terms of Service, End User License Agreement (EULA), or other written agreement governing Customer’s use of the Automated Release Notes & Reports for Jira app (the “Service”).

This DPA applies only to the Cloud version of the Service and governs the processing of personal data by Amoeboids on behalf of the Customer.

1. Roles and Responsibilities

Customer is the Data Controller and Amoeboids is the Data Processor. Customer determines the purposes and means of the processing of personal data and is responsible for compliance with applicable data protection laws, including the GDPR.

2. Purpose and Scope of Processing

Amoeboids processes personal data solely to deliver, maintain, and improve the Service in accordance with the Agreement and this DPA. Processing includes:

  • Storing configuration data including encrypted external email addresses

  • Temporarily handling email addresses obtained from Jira to send release notes

  • Storing Slack channel IDs (if integrated)

  • Generating and delivering release notes & reports content

Amoeboids does not sell, rent, or use personal data for marketing or profiling purposes.

3. Types of Personal Data

The categories of personal data processed may include:

  • Email addresses (configurable or fetched from Jira)

  • Jira account IDs or user identifiers

  • Slack channel identifiers (if integrated)

  • Optional user display names

No sensitive data (as defined under GDPR Article 9) is intentionally collected.

4. Data Retention and Deletion

Amoeboids retains personal data for the duration of the Customer’s active subscription. Upon termination:

  • All stored personal data will be automatically deleted within 60 days, including from backups

  • Customer may request earlier deletion by contacting our support

  • No active processing occurs post-termination

5. Security Measures

Amoeboids implements appropriate technical and organizational measures to ensure the security of personal data. These include:

  • Hosting on Amazon Web Services (AWS) with enterprise-grade physical and network security

  • Encryption at rest and in transit for stored data

  • Strict access controls and audit logging

  • Limited and role-based access to production environments

  • Regular employee security training and confidentiality obligations

Amoeboids follows industry-standard security practices suitable for a SaaS app hosted on AWS, including encryption, access controls, and production environment isolation.

6. Subprocessors

Amoeboids uses third-party subprocessors to support the Service (e.g., cloud hosting, email delivery). A list of current subprocessors is maintained at: Data sub-processors

Customer consents to the use of these subprocessors. Amoeboids will notify customers in advance of any material changes to the list and provide an opportunity to object where required by law.

7. International Transfers

Customer acknowledges that personal data may be transferred outside the country of origin (including to the United States or the European Union), depending on the location of hosting and subprocessors.

Where such transfers occur, Amoeboids ensures adequate protection by relying on Standard Contractual Clauses (SCCs) or equivalent legal safeguards in accordance with GDPR Articles 44–49.

8. Assistance with Data Subject Rights

Upon written request, Amoeboids will assist Customer in responding to:

  • Requests for access, rectification, or erasure of personal data

  • Objections to processing or requests for data portability

  • Security incidents or breach notifications

9. Confidentiality

Amoeboids ensures that all personnel authorized to process personal data are bound by appropriate confidentiality obligations, whether statutory or contractual.

10. Audit Rights

Upon reasonable written request, Customer may audit Amoeboids’ compliance with this DPA, no more than once annually. Audits shall:

  • Be conducted during normal business hours

  • Be subject to appropriate confidentiality measures

  • Not unreasonably disrupt Amoeboids’ business operations

Alternatively, Amoeboids may provide third-party certifications or audit reports to fulfill audit requirements.

11. Termination and Survival

This DPA will remain in effect for as long as Amoeboids processes personal data on behalf of the Customer and will survive the termination of the Agreement to the extent required for obligations related to deletion, confidentiality, and cooperation with supervisory authorities.

12. Contact and Questions

For questions or concerns regarding this DPA or personal data processing:

Please contact our support.