Data Processing Addendum (DPA)

Version: 1.3
Effective Date: May 11, 2026

This Data Processing Addendum ("DPA") forms part of the Agreement between Philip Amato, trading as Sync-o (P. IVA IT18526001005, Piazza di Villa Fiorelli 5, 00182 Rome, Italy) ("Processor") and the organization identified as the customer ("Controller") and applies to the processing of Personal Data on behalf of the Controller.

1. Context & Architecture (The "Atlassian-Native" Model)

Unlike traditional SaaS platforms that ingest and store all customer data, Sync-O operates as a "Minimal-Footprint Processor" within your Atlassian ecosystem.

  • Ephemeral Processing for AI Generation: Jira and Confluence body content is fetched on demand for each ticket-transition event, processed in memory by the AI provider, and discarded immediately after the generation task completes. Full ticket and page bodies are never persisted by Sync-O.
  • Persistent Storage (Limited Scope): Sync-O persists only (a) metadata (Atlassian Site URL, User IDs, Configuration Settings), (b) audit log entries (ticket keys, page IDs), and (c) short section-level content excerpts (≤1,800 characters per chunk) together with their vector embeddings, used exclusively to power the in-app Smart Picker cross-page semantic search feature. These excerpts are stored encrypted in DynamoDB (eu-west-1) with a 90-day TTL and are deleted on app uninstallation — see §3 and §6.
  • Hosting: Sync-O's core infrastructure (compute, database, vector storage) is hosted on AWS in Ireland (eu-west-1). Embedding generation runs on Google Cloud Vertex AI in Belgium (europe-west1). Both regions are within the European Union.

2. Definitions

  • "GDPR" means the General Data Protection Regulation (EU) 2016/679.
  • "Personal Data" means any information relating to an identified or identifiable natural person processed by Processor on behalf of Controller.
  • "Sub-processor" means any third party appointed by Processor to process Personal Data.

3. Scope and Details of Processing

Subject Matter: Provision of the Sync-O Atlassian Forge app services (Jira-to-Confluence automated documentation and synchronization).

Duration: The term of the Agreement plus the period until all Personal Data is deleted or returned (automated deletion occurs upon app uninstallation).

Nature and Purpose: Automated analysis of Jira issues and Confluence pages to generate summaries, updates, and cross-links; providing enterprise analytics and audit logs.

Categories of Data:

  • User Profile Data: Atlassian User IDs, Email addresses, Names (provided by Forge context).
  • Atlassian Context Metadata: Site URL (Cloud ID), Issue Keys, Page IDs, Parent Space IDs.
  • Configuration Data: AI provider preferences, notification settings.
  • Content Excerpts & Vector Embeddings: Short text excerpts (≤1,800 characters per section) drawn from Confluence pages, together with their mathematical vector representations, used to power semantic relevance matching across pages. Full page bodies are not stored. Stored in DynamoDB (eu-west-1) with a 90-day TTL and deleted on app uninstallation.

Data Subjects: Users within the Controller's Atlassian Cloud site.

4. Processor Obligations

Processor shall:

  • Instructions: Process Personal Data only on documented instructions from Controller (including this DPA and the Agreement), unless required by law.
  • Confidentiality: Ensure that persons authorized to process Personal Data have committed themselves to confidentiality.
  • Security: Implement appropriate technical and organizational measures (TOMs) as outlined in Annex 1.
  • Sub-processors: Only engage sub-processors listed in the Sync-O Trust Center or otherwise notified to the Controller.
  • Data Breach: Notify Controller without undue delay after becoming aware of a Personal Data Breach.

5. International Data Transfers

  • Primary Processing Location: European Union (EU).
  • Transfers: Any transfers to sub-processors outside the EEA (e.g., US-based AI providers like OpenAI or Anthropic, or Azure OpenAI in the Controller's selected region, when configured by the Controller) shall be governed by Standard Contractual Clauses (SCCs).

6. Deletion or Return of Data

Upon uninstallation of the Sync-O app, Processor's automated deletion handler is triggered immediately via the Forge uninstall webhook to remove all tenant-specific configuration, installation IDs, audit records, content excerpts, and vector data. A reconciliation sweep ensures complete deletion within 30 days as a backstop in the event of webhook delivery failure, unless applicable law requires retained storage.

ANNEX 1: SECURITY MEASURES

  • Encryption: Data in transit is encrypted via TLS 1.2+ (TLS 1.3 where supported by client). Data at rest (metadata, API keys, content excerpts, vector embeddings) is encrypted via AES-256 using AWS KMS.
  • Credential Storage: Customer-supplied AI provider API keys are stored using Atlassian Forge setSecret (encrypted at rest by Atlassian) or AWS KMS-encrypted DynamoDB fields, never in plaintext.
  • Access Control: Least-privilege IAM models for all internal infrastructure. MFA required for all developer access. No standing production database access; break-glass procedures audited.
  • Isolation: Multi-tenant data is strictly isolated within DynamoDB via logical partition keys (Cloud ID). No cross-tenant query path exists in application code.
  • Selective Persistence: Full Jira ticket and Confluence page bodies are processed in memory for AI generation and never persisted. Only short section-level content excerpts (≤1,800 characters per chunk) and their vector embeddings are persisted, and only to power the Smart Picker semantic-search feature.
  • Retention & Deletion: Content excerpts and embeddings carry a 90-day TTL; audit records carry tenant-configurable retention. App uninstallation triggers immediate deletion of all tenant-specific data with a 30-day reconciliation backstop.

ANNEX 2: SUB-PROCESSORS

The following sub-processors are engaged by Processor in connection with the Sync-O service. The list is also published in the Trust Center and the Atlassian Marketplace listing; this Annex is authoritative if the two diverge.

Sub-processor | Location | Purpose | Engagement
Amazon Web Services, Inc. | Ireland (eu-west-1) | Cloud hosting, data storage, serverless compute (Lambda, DynamoDB, SQS, CloudWatch) | Always
Google LLC | Belgium (europe-west1) | AI content analysis and embedding generation via Vertex AI Gemini and text-embedding-004 | Default AI provider
OpenAI, OpCo, LLC | United States | AI content analysis | Optional — only when Controller configures OpenAI in BYOM settings
Anthropic PBC | United States | AI content analysis | Optional — only when Controller configures Anthropic Claude in BYOM settings
Microsoft Corporation (Azure OpenAI) | United States (legal entity); Controller-selected Azure region for processing | AI content analysis | Optional — only when Controller configures Microsoft Azure OpenAI in BYOM settings

Transfers of Personal Data to sub-processors located outside the EEA are governed by the EU Standard Contractual Clauses (SCCs) in each sub-processor's own DPA, which Processor has accepted on behalf of Controllers as their downstream sub-processor.