Data Processing Agreement (DPA)
This DPA applies to all paid apps offered by Krosoft on the Atlassian Marketplace, including but not limited to the following:
1. Parties
This Data Processing Agreement ("DPA") is entered into between:
Customer: The Atlassian customer who installs and uses one or more Krosoft apps ("Controller")
Krosoft: Located in the Netherlands, developer of the apps ("Processor")
2. Subject Matter and Scope
This DPA governs Krosoft’s processing of End-User Data on behalf of the Controller in relation to any Krosoft app offered on the Atlassian Marketplace, in accordance with the General Data Protection Regulation (GDPR).
3. Nature and Purpose of Processing
Krosoft processes End-User Data solely to deliver the core functionality of its apps. This may include (depending on the app):
Configuration data (e.g. JQL templates, macro settings)
Project- or tenant-level identifiers
Form submissions or structured inputs (e.g. RSVP responses)
Krosoft does not collect or store issue content, comments, attachments, or personal data such as user email addresses or names, unless explicitly required by the app’s purpose.
4. Duration
Processing continues for the duration of the app installation. Upon uninstallation, customer data is retained for up to 30 days unless earlier deletion is requested.
5. Sub-Processors
Krosoft uses Heroku (Salesforce) for cloud hosting. Data is stored in Heroku’s EU data centers (e.g., Germany, Ireland). Salesforce provides GDPR-compliant Standard Contractual Clauses (SCCs) for international data transfers.
🔗 https://www.salesforce.com/company/privacy/
6. Security Measures
Krosoft implements appropriate technical and organizational measures to protect End-User Data, including:
Full encryption in transit and at rest
Logical tenant-level data separation
Access restrictions and internal audit logging
7. Data Subject Rights
The Controller is responsible for handling data subject requests (access, rectification, erasure). Krosoft will support the Controller with such requests upon request, in accordance with GDPR.
8. Data Transfers
When End-User Data is transferred outside the EEA (e.g., to Heroku's US-owned infrastructure), such transfers are covered by GDPR-approved mechanisms (SCCs).
9. Termination
Upon app uninstallation or termination of the agreement, all End-User Data is deleted within 30 days unless an earlier deletion request is submitted.
10. Contact
Questions or data-related inquiries can be directed to:
📧 support@krosoft.nl