
Data Processing Agreement

Standard terms, version 2026-06-05 · Regulation (EU) 2016/679 (GDPR), Art. 28.

Draft — pending legal review. For a countersigned copy, contact us. This agreement supplements the Terms of Service and is governed by Regulation (EU) 2016/679 (GDPR), Art. 28.

1. Parties & roles

Processor: Canine Development, Denmark. Controller: the customer accepting the Terms of Service. The processor processes personal data only on documented instructions from the controller — connecting a repository, choosing a cadence, and requesting scans constitute those instructions.

2. Subject matter, nature & purpose

Automated analysis of connected repositories producing engineering-health reports and metrics: temporary cloning, static and model-assisted analysis, report generation, storage of reports and metrics, and deletion of the working copy after each scan.

3. Categories of data & data subjects

  • Account data — GitHub identity: login, display name, email.
  • Repository data — source code and git metadata (author names and emails), which may incidentally contain personal data.
  • Derived data — reports, metrics and findings, which may quote small code excerpts and git authorship (e.g. ownership and bus-factor analysis).

4. Duration & deletion

Working copies are deleted at the end of every scan, including failed scans. Reports and metrics are retained while the repository is connected; on disconnection or termination, stored reports and metrics are deleted within 30 days of a deletion request.

Self-service account closure: a 14-day reversible grace period, then permanent deletion — personal data and the Keycloak login are erased, reports and source-derived artifacts are purged, and a repository whose last connected account was yours has its identity stripped (owner and name removed). We do not touch your GitHub/GitLab account or app installation.

Retained after erasure on a separate legal basis: invoices and billing records (bookkeeping); an identity-free record that a repository was previously scanned (to prevent repeated free-scan abuse); anonymised, non-identifying aggregate scores (peer benchmarking); signed compliance attestations kept as immutable records with the signer's account link removed.

5. Technical & organisational measures

All processing on hardware owned and operated by the processor in Denmark (EU) — no cloud compute or storage. Self-hosted LLM. TLS on all public transport; internal services behind a host firewall. OIDC sign-in via self-hosted Keycloak (no local password store). Repository authorisation mirrors GitHub and is re-synchronised daily (revocation within 24 hours). Read-only source access (GitHub App: Contents + Metadata, read-only). Production access limited to the processor's operator.

6. Subprocessors

The controller authorises the subprocessors listed at /security#7-subprocessors--the-whole-list: GitHub, Inc. (source hosting and identity) and Stripe, Inc. (payments, once billing activates). The processor gives email notice before adding a subprocessor; the controller may object on reasonable data-protection grounds — the remedy is termination with a pro-rata refund.

7. Confidentiality, integrity, availability

Repository contents are the controller's confidential information and are used solely to provide the service. The processor does not train models — its own or anyone else's — on controller data. Public publication happens only per the Terms of Service.

8. Assistance & breach notification

The processor assists the controller with data-subject requests and with obligations under GDPR Art. 32–36, and notifies the account email without undue delay and within 72 hours of becoming aware of a personal-data breach.

9. Audit

The processor makes available the information reasonably necessary to demonstrate Art. 28 compliance (starting with the verifiable claims on the security page), and permits audits by the controller or a mandated auditor at reasonable notice, at the controller's cost.

10. International transfers

The processor's own processing takes place in Denmark (EU). GitHub-hosted repositories remain under the controller's own GitHub agreement (USA); the processor only reads from their existing location. No other transfers outside the EU/EEA.