/
Data Processing Agreement (DPA)

Data Processing Agreement (DPA)

Last updated - 20th May 2025

App: Roadmap & Idea Portal for Jira Service Management

Between: Amoeboids Technologies Pvt. Ltd. (“Processor”) and the Customer (“Controller”)

1. Scope and Purpose

This DPA governs the processing of personal data by Amoeboids Technologies Pvt. Ltd. (“Processor”) on behalf of the Customer (“Controller”) in connection with the use of the Roadmap & Idea Portal app for Jira Service Management. The Processor shall process personal data solely for the purpose of providing the app’s features, including public portals, voting, commenting, and ticket interaction functionalities.

2. Roles of the Parties

  • Customer is the Data Controller.

  • Amoeboids Technologies Pvt. Ltd. is the Data Processor and will act solely on documented instructions from the Controller.

3. Types of Personal Data Processed

Stored:

  • Atlassian accountID

  • IP address (only for anonymous voting scenarios)

  • User-generated comments

  • Voting metadata (accountID ↔ JSM issue reference)

  • System log data that may occasionally contain usernames, IPs, or issue identifiers

Accessed (not stored):

  • Display name and email (fetched from Atlassian APIs in real-time)

4. Data Subjects

  • End users of the Customer’s Jira Service Management projects, including:

    • Internal employees

    • External customers or stakeholders interacting with the portal

5. Data Location & Subprocessors

Data sub-processors

6. Data Retention and Deletion

  • Data is retained for up to 60 days after the app is uninstalled.

  • Manual deletion is available only after uninstallation.

  • After 60 days, all stored data is automatically purged, including backups.

7. International Data Transfers

  • Personal data may be transferred to and processed in countries outside the EU/EEA where Amoeboids or its subprocessors operate, including India and the European Union.

  • Any such transfers will be carried out in accordance with applicable data protection laws, including use of adequate safeguards such as Standard Contractual Clauses (SCCs), if required.

8. Security Measures

The Processor implements appropriate technical and organizational measures, including:

  • Encryption in transit and at rest

  • Secure API usage and access control

  • Regular backups and audit logging

  • Restricted production database access

  • Logging of system events and access patterns, which may include IP addresses and user identifiers

9. Use of Cookies & Tracking

The app may use cookies and related tracking technologies solely to enhance functionality, maintain session state, or generate aggregated analytics. No personal data is stored in cookies unless explicitly needed for authentication or debugging.

10. Assistance & Cooperation

The Processor shall assist the Controller in:

  • Responding to data subject access requests

  • Data breach notifications

  • Supporting DPIAs (Data Protection Impact Assessments)

11. Audit Rights

Upon reasonable notice, the Controller may audit the Processor’s compliance with this DPA. Documentation or third-party audit support will be made available if required.

12. Contact

For data protection matters, contact:

Anand Inamdar

CEO, Amoeboids Technologies Pvt. Ltd.

📧 anand at amoeboids dot com

13. Governing Law

This DPA shall be governed by and construed in accordance with the laws of the Republic of India, and any disputes shall be subject to the exclusive jurisdiction of Indian courts.