1.Roles
This Data Processing Agreement (“DPA”) forms part of the Terms of Service between you (“Customer”, the controller) and CloudJaeger (the processor). It applies where CloudJaeger processes personal data on the Customer’s behalf and that processing is subject to the EU/UK GDPR or similar data-protection laws.
2.Processing details
- Subject matter: provision of the CloudJaeger cost-optimization service.
- Duration: for the term of the Customer’s use of the Service, plus the deletion window below.
- Nature & purpose: ingesting cloud cost/inventory/utilization data to produce and explain recommendations and track outcomes.
- Types of personal data: account contact details (name, email); limited identifiers within cloud metadata/tags (e.g. an owner email in a resource tag).
- Data subjects: the Customer’s authorized users and any individuals identifiable in cloud metadata.
CloudJaeger reads cloud accounts read-only and does not access application data, storage contents, or database contents, so the volume of personal data processed is minimal by design.
3.Our obligations as processor
- Process personal data only on the Customer’s documented instructions (including this DPA and use of the Service).
- Ensure personnel with access are bound by confidentiality.
- Implement appropriate technical and organizational security measures (encryption in transit and at rest, least-privilege access, per-organization isolation, audit logging).
- Assist the Customer, taking into account the nature of processing, with data-subject requests and with security, breach-notification, and impact-assessment obligations.
- Notify the Customer without undue delay after becoming aware of a personal-data breach.
- Delete or return personal data at the end of the engagement, per the Privacy Policy retention terms.
- Make available information needed to demonstrate compliance and allow for reasonable audits.
4.Subprocessors
The Customer provides general authorization for CloudJaeger to engage the subprocessors listed at /subprocessors. CloudJaeger imposes data-protection terms on each subprocessor no less protective than this DPA and remains responsible for their performance. We will give notice of intended additions or replacements so the Customer may object on reasonable data-protection grounds.
5.International transfers
Where personal data is transferred from the EEA/UK/Switzerland to a country without an adequacy decision, the parties rely on the European Commission’s Standard Contractual Clauses (and the UK Addendum where applicable), which are incorporated by reference into this DPA.
6.Deletion
On termination, or on Customer request, CloudJaeger will delete personal data per the retention terms in the Privacy Policy, unless retention is required by law. Specifically: self-serve deletions performed by the Customer in the app (disconnecting a cloud account, deleting a workspace or account) are immediate and permanent, with no recovery window — the Customer should export data first if a copy is needed. Deletions initiated through CloudJaeger support deactivate the workspace immediately and are permanently purged by an operator after a 30-day grace window (a manual operator step — nothing is deleted automatically). Workspace audit logs (including actor email address and IP address) are retained for the life of the workspace for security and audit purposes and are deleted with it. The Customer can request immediate deletion by emailing privacy@cloudjaeger.com.
7.How to execute this DPA
During the beta, to put a countersigned DPA in place for your organization, email legal@cloudjaeger.com with your legal entity name and signatory. We will return a signature-ready copy.
