Data Processing Addendum (DPA)

This Data Processing Addendum ("DPA") supplements the AI Mental Health Support & Stress Burnout Insights for Jira Privacy Policy and Terms of Service. This DPA is effective starting on the earlier of: (i) the date of acceptance by the customer or (ii) the date the app is used.

1. Scope and Term

1.1 Roles of the Parties

• Controller: The customer (e.g., Product Admins, Site Admins) determines the purposes and means of processing personal data within the app.
• Processor: AI Mental Health Support & Stress Burnout Insights for Jira operates as the processor, processing data on behalf of the customer exclusively within the Atlassian Forge platform.

1.2 Term of the DPA

This DPA remains in effect for the duration of the customer’s usage of the app. Upon termination, the processor will delete all personal data in compliance with Section 6 (Deletion of Data).

1.3 Order of Precedence

If there is any conflict between the DPA and the Terms of Service or Privacy Policy, the DPA will take precedence.

2. Processing of Personal Data

2.1 Customer Instructions

The processor will process personal data only as per the documented lawful instructions of the customer, specifically for the following purposes:

1. Generating workload stress metrics and actionable insights.
2. Maintaining compliance with Atlassian API guidelines.

2.2 Confidentiality

The processor ensures that all personnel authorized to process personal data are bound by confidentiality agreements and comply with GDPR requirements.

3. Security Measures

3.1 Security Measures

The processor has implemented and maintains appropriate technical and organizational measures, including:

• End-to-end encryption of data interactions.
• Compliance with Atlassian's security protocols.
• Automatic data erasure mechanisms.

3.2 Security Incidents

The processor will notify the customer within 72 hours of becoming aware of a security incident involving personal data. The processor will take reasonable steps to mitigate and resolve the incident.

4. Sub-processing

4.1 General Authorization

The processor does not engage sub-processors. All data processing occurs within the secure Atlassian Forge platform.

5. Assistance and Cooperation Obligations

5.1 Data Subject Rights

The processor will assist the customer in responding to data subject requests for access, rectification, erasure, or restriction of personal data in compliance with GDPR.

5.2 Cooperation Obligations

The processor will cooperate with Atlassian for any GDPR-related requests initiated by the customer, including data protection impact assessments.

6. Deletion of Data

6.1 Data Retention

All personal data is retained only for the duration necessary to fulfill the app’s functionalities and is automatically erased upon termination of use.

7. Audit Rights

7.1 Reporting

The processor adheres to Atlassian's audit standards and will provide documentation upon request to demonstrate compliance.

7.2 Customer Audits

The customer may request Atlassian to conduct an audit of the processor’s compliance within reasonable bounds and in accordance with Atlassian’s guidelines.

8. International Provisions

The processor complies with GDPR standards for international transfers of personal data. No data is stored or processed outside the Atlassian Cloud environment.

9. Definitions

• Customer: The user initiating the creation of workload stress metrics and insights through the app.
• Personal Data: Information about an identifiable individual processed exclusively within Jira Cloud.
• Processing: Any operation performed on personal data, including collection, analysis, and erasure.
• Processor: The app, which processes personal data on behalf of the customer.
• Sub-Processor: Any third party authorized to process personal data (not applicable for this app).

For privacy-related inquiries, please visit Atlassian’s Privacy Policy.