Skip to main content
Skip table of contents

Data Processing Agreement (DPA)

This DPA applies to all paid apps offered by Krosoft on the Atlassian Marketplace, including but not limited to the following:


1. Parties

This Data Processing Agreement ("DPA") is entered into between:

  • Customer: The Atlassian customer who installs and uses one or more Krosoft apps ("Controller")

  • Krosoft: Located in the Netherlands, developer of the apps ("Processor")


2. Subject Matter and Scope

This DPA governs Krosoft’s processing of End-User Data on behalf of the Controller in relation to any Krosoft app offered on the Atlassian Marketplace, in accordance with the General Data Protection Regulation (GDPR).


3. Nature and Purpose of Processing

Krosoft processes End-User Data solely to deliver the core functionality of its apps. This may include (depending on the app):

  • Configuration data (e.g. JQL templates, macro settings)

  • Project- or tenant-level identifiers

  • Form submissions or structured inputs (e.g. RSVP responses)

Krosoft does not collect or store issue content, comments, attachments, or personal data such as user email addresses or names, unless explicitly required by the app’s purpose.


4. Duration

Processing continues for the duration of the app installation. Upon uninstallation, customer data is retained for up to 30 days unless earlier deletion is requested.


5. Sub-Processors

Krosoft uses Heroku (Salesforce) for cloud hosting. Data is stored in Heroku’s EU data centers (e.g., Germany, Ireland). Salesforce provides GDPR-compliant Standard Contractual Clauses (SCCs) for international data transfers.
🔗 https://www.salesforce.com/company/privacy/


6. Security Measures

Krosoft implements appropriate technical and organizational measures to protect End-User Data, including:

  • Full encryption in transit and at rest

  • Logical tenant-level data separation

  • Access restrictions and internal audit logging


7. Data Subject Rights

The Controller is responsible for handling data subject requests (access, rectification, erasure). Krosoft will support the Controller with such requests upon request, in accordance with GDPR.


8. Data Transfers

When End-User Data is transferred outside the EEA (e.g., to Heroku's US-owned infrastructure), such transfers are covered by GDPR-approved mechanisms (SCCs).


9. Termination

Upon app uninstallation or termination of the agreement, all End-User Data is deleted within 30 days unless an earlier deletion request is submitted.


10. Contact

Questions or data-related inquiries can be directed to:
📧 support@krosoft.nl

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.