Govern code. Ship faster.

Foixar bridges business requirements and developer output with AI, governance, and structure.

Information

Get Started
Legal Center

Data Processing Addendum

Last updated: May 2026

1. Scope

This Data Processing Addendum (“DPA”) applies when Foixar processes personal data on behalf of a customer through the Foixar platform. The customer is the controller or business for Customer Data, and Foixar acts as processor or service provider, unless a separate written agreement states otherwise.

2. Processing Details

Foixar processes Customer Data to provide software delivery governance, AI-assisted specification and code generation, decision memory, audit trails, integrations, support, security, and related services. Personal data may include user identity claims, work email addresses, repository metadata, pull request authorship, comments, captured decisions, audit events, and operational logs.

3. Customer Instructions

Foixar processes Customer Data only under the customer's documented instructions, including these public terms, the applicable order, product configuration, connected integration settings, and any signed agreement between the parties.

4. Confidentiality and Security

Foixar restricts access to Customer Data to personnel and systems that need access to provide the Service. Foixar maintains administrative, technical, and organisational measures designed to protect Customer Data, including tenant isolation, access controls, encryption in transit, secret management, audit logging, and operational monitoring.

5. Subprocessors

Foixar may use subprocessors listed on the Subprocessors page. Foixar remains responsible for subprocessors it engages to process Customer Data. Tenant-selected providers, such as a customer's AI model or storage provider, are controlled by the customer and are not Foixar subprocessors unless agreed otherwise.

6. Data Subject Requests

Foixar will provide reasonable assistance for data subject requests where Customer Data processed through the Service is involved. Customers remain responsible for responding to requests from their users, employees, contractors, and other data subjects.

7. Security Incidents

Foixar will notify affected customers without undue delay after confirming a security incident involving Customer Data. Notices will include information reasonably available to Foixar about the nature of the incident, affected data, mitigation steps, and customer actions where applicable.

8. Deletion and Return

Upon termination or written request, Foixar will return or delete Customer Data in accordance with the applicable agreement and retention policy, except where retention is required for legal, security, audit, or compliance purposes.

9. International Transfers

Where international data transfer mechanisms are required, Foixar and the customer will use appropriate transfer safeguards, such as standard contractual clauses or another lawful mechanism. Tenant-selected provider regions are controlled by the tenant.

10. Contact

Privacy and data-processing questions can be sent to privacy@foixar.com.