Legal
Data Processing Addendum (DPA)
Last updated:
Preamble
This Data Processing Addendum (“DPA”) supplements and forms part of the agreement between GetVeripsa (“Veripsa,” “we”) and the customer identified in the order or sign-up record (“Customer,” “you”) for use of Veripsa Core and the Veripsa platform (together, the “Services”). Where this DPA and the underlying Terms of Service conflict on matters of Personal Data processing, this DPA controls.
1. Parties
- Data Processor / Service Provider: GetVeripsa (operator of Veripsa Core and the Veripsa platform), contactable at support@veripsa.com.
- Data Controller / Business: the Customer identified in the GitHub installation or platform sign-up record associated with this DPA.
For UK and EU transfers, GetVeripsa acts as a processor (or, where applicable, sub-processor) on behalf of the Customer.
2. Definitions
Capitalised terms used but not defined in this DPA have the meanings given in the Terms of Service or in applicable Data Protection Law.
- Applicable Data Protection Law— the EU General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”), the UK GDPR and Data Protection Act 2018, the California Consumer Privacy Act as amended by the CPRA (“CCPA”), and any other privacy or data-protection laws applicable to the Services.
- Personal Data — has the meaning given by Applicable Data Protection Law and, for the purposes of this DPA, is limited to the categories listed in Section 4.
- Processing — any operation performed on Personal Data, including collection, storage, transmission, and erasure.
- Sub-processor— any third-party processor engaged by Veripsa to process Personal Data on Customer's behalf.
3. Scope and roles
3.1 Scope.This DPA applies to Veripsa's Processing of Personal Data on Customer's behalf in providing the Services.
3.2 Roles. Customer is the Controller (or Business). Veripsa is the Processor (or Service Provider). Each party will comply with its obligations under Applicable Data Protection Law.
3.3 No sale or sharing. Veripsa does not sell Personal Data and does not share Personal Data for cross-context behavioral advertising. Veripsa does not use Personal Data for its own commercial purposes outside of providing and operating the Services.
3.4 Content-free product posture. Veripsa Core is content-free by design — it reads file contents transiently to produce the minimal operational metadata needed for collision advisories, and then discards them. Source code is not stored. This posture narrows the scope of Personal Data Processing materially and is reflected in Section 4. See the Privacy Policy and the Trust Center for the same posture in policy form.
4. Categories of data and data subjects
4.1 Data subjects. Authors of pull requests in repositories where Veripsa Core is installed; users who sign in to the Veripsa platform dashboard; administrators of the installing GitHub account.
4.2 Categories of Personal Data processed. The following content-free categories may be processed:
- The GitHub login of a pull-request author (a public handle).
- Opaque GitHub numeric IDs (account ID, repository ID, installation ID) used as immutable tenancy and routing keys.
- Repository and structural metadata, including repository and branch names, PR numbers, commit and content fingerprints, path and symbol names, language and symbol kinds, changed line ranges, relationship types, timestamps, and advisory, delivery, and lifecycle state.
- A session cookie (signed JWT) carrying only the opaque GitHub user ID, for users who sign in to the Veripsa platform.
- Operational metadata needed to run advisory checks and keep them fresh.
4.3 Categories Veripsa does not retain.Source file and diff bodies are processed transiently and discarded. Veripsa does not retain them, commit message or PR-body text, or profile fields (name, avatar, email) returned at sign-in (these are stripped from the session, not stored); payment card data; analytics or advertising identifiers. Veripsa does not access GitHub's secret stores. A value committed to a tracked file, including a committed.env file, may be processed transiently with the file body but is not intentionally extracted or retained. Veripsa Core early access has no active checkout or card collection.
4.4 No special categories. Veripsa does not request, and the Services are not designed to receive, special categories of Personal Data (Article 9 GDPR) or protected-health-information categories. Customer agrees not to direct such categories into the Services.
5. Processing instructions and duration
5.1 Documented instructions.Veripsa Processes Personal Data only on Customer's documented instructions, which include: (a) this DPA; (b) the Terms of Service; (c) Customer's configuration of the Services (installation scope, repository selection, plan selection); and (d) any written instructions the parties agree to.
5.2 Compliance with law.Where Veripsa is required by law to Process Personal Data outside Customer's instructions, Veripsa will notify Customer of that requirement before Processing unless the law prohibits such notice.
5.3 Duration.Veripsa will Process Personal Data for the duration of the Customer's installation of the Services, plus the retention windows described in Section 11.
6. Confidentiality
Veripsa ensures that personnel authorised to Process Personal Data are bound by appropriate confidentiality obligations and access Personal Data only on a need-to-know basis.
7. Security measures
7.1 Technical and organisational measures. Veripsa implements appropriate technical and organisational measures to protect Personal Data, including:
- TLS in transit for all platform and webhook traffic.
- At-rest encryptionof the managed database via the hosting provider's standard encryption.
- Tenant-isolated database controls for multi-tenant Veripsa Core data, keyed by immutable opaque GitHub account identifiers. Cross-tenant reads require explicit authority checks.
- Least-privilege application roles for database access; no broad administrative credentials in application code.
- Webhook signature verification on inbound GitHub webhooks.
- Content-free product design, which materially reduces the confidentiality risk by not storing source code in the first place.
- Continuous isolation testing on every change targeting zero cross-tenant reads.
7.2 Honest scope. Veripsa does not today hold SOC 2, ISO 27001, FedRAMP, or HIPAA accreditations. The Trust Center page describes the structural posture Veripsa offers today on the merits.
8. Sub-processors
8.1 Authorised sub-processors. Customer authorises Veripsa to engage the following sub-processors, each Processing only the data described. This list mirrors the Trust Center sub-processor table and is the authoritative list as of the Last updated date above.
| Sub-processor | Purpose | Region | Data that flows |
|---|---|---|---|
| GitHub | GitHub App platform; OAuth sign-in to the dashboard | Global (GitHub) | Repository structure read via the App; check runs and PR comments written by the App; OAuth identity at sign-in (opaque GitHub user ID only). |
| Render | Compute and managed database hosting for Veripsa Core and the Veripsa platform | US (primary) | All content-free working-set data. No file bodies; no card data. |
8.2 Flow-down obligations. Veripsa imposes on each sub-processor data protection obligations no less protective than those in this DPA, to the extent applicable to the services provided.
8.3 Notice of changes. Veripsa will notify Customer of intended additions or replacements of sub-processors by updating the list on the Trust Center page with a new Last updated date; a notification mechanism for sub-processor changes is on the roadmap. Customer may object to a new sub-processor on reasonable data-protection grounds; if the parties cannot resolve the objection, Customer may terminate the affected portion of the Services.
8.4 Liability for sub-processors.Veripsa remains responsible for its sub-processors' performance of obligations under this DPA.
9. International transfers
9.1 Transfer mechanisms. Where Veripsa transfers Personal Data originating in the EEA, the UK, or Switzerland to a country that has not been recognised as providing adequate protection, the parties will rely on the EU Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914) and, for the UK, the UK International Data Transfer Addendum, each incorporated by reference where required.
9.2 Module selection. For transfers from Customer (as Controller) to Veripsa (as Processor), Module Two applies; for transfers from Veripsa (as Processor) to a sub-processor, Module Three applies.
10. Data subject rights
10.1 Assistance. Taking into account the nature of the Processing, Veripsa will provide reasonable assistance to enable Customer to respond to verifiable data subject requests under Applicable Data Protection Law (access, rectification, erasure, restriction, portability, objection).
10.2 Direct requests.If a data subject contacts Veripsa directly, Veripsa will (a) refer the data subject to Customer where appropriate; and (b) not respond on Customer's behalf without Customer's instruction.
10.3 PII-minimal scope. Because Veripsa limits persistence to the categories listed in Section 4, including opaque GitHub IDs and content-free names, a typical access or erasure request is satisfied by the uninstall + enumerated erase/purge gate described in Section 11. Customer may also email support@veripsa.com to request manual assistance.
11. Term, return, and deletion
11.1 Retention table. Veripsa retains Personal Data only as long as necessary to provide the Services. The retention windows below mirror the Trust Center retention table.
| Object | Retention |
|---|---|
| Working set (in-flight reservations and content-free caches) | Kept while active. Inactive repo working-set/cache rows may be pruned after a period of inactivity, normally 30 days. The working set is rebuilt on the next default-branch push or pull request; co-change history is repopulated asynchronously. Purged on uninstall and on account deletion via the enumerated erase/purge gate. |
| Operational telemetry (push and landing events) | Retained for 30 days, then pruned. |
| Advisory history (append-only) | Kept as an append-only content-free record until account erasure; not used as a live working set. |
| Webhook delivery audit | Terminal (completed or failed) entries are pruned after 30 days by the nightly retention sweep; the delivery payload is cleared as soon as an entry completes. Also covered by the same account-deletion erase/purge gate. |
| Account-lifecycle events (governed-write audit) | Retained as an append-only operational record; deleted on account deletion via the enumerated erase/purge gate. |
| Sign-in session cookie (signed JWT, opaque GitHub user ID only) | Stored in the user's browser; cleared on sign-out. Veripsa does not keep a parallel server-side session record. |
| First-party install-source marketing events | Retained for 30 days, then pruned. Only approved attribution fields (source, locale, optional campaign slug); no cookies, visitor IDs, IP addresses, or GitHub identity. |
11.2 Return or deletion on termination.Upon termination of the Services, Veripsa will, at Customer's choice, delete or return Personal Data and delete existing copies, unless retention is required by law. Uninstalling the GitHub App purges the working set automatically.
11.3 Erasure on request. Customer may request erasure of Personal Data at any time by emailing support@veripsa.com.
12. Audit
12.1 Audit information. Veripsa will make available to Customer information reasonably necessary to demonstrate compliance with this DPA, including the Trust Center page, the Privacy Policy, and the Security overview.
12.2 Audit on reasonable request.Where Applicable Data Protection Law requires an audit, Customer (or an independent auditor reasonably acceptable to Veripsa, bound by confidentiality) may, on at least thirty (30) days' prior written notice and no more than once per twelve-month period, audit Veripsa's compliance with this DPA, at Customer's expense and during normal business hours, in a manner that does not interfere with Veripsa's operations or other customers' data.
12.3 Third-party reports. Where a third-party assessment (such as a SOC 2 report) is available, Veripsa may satisfy audit requests by providing the relevant report. Veripsa does not today hold such assessments and will say so honestly when asked.
13. Personal Data breach notification
13.1 Notice.Veripsa will notify Customer without undue delay after becoming aware of a Personal Data breach affecting Customer's Personal Data, and in any event in the timeframe required by Applicable Data Protection Law.
13.2 Information provided. Notice will include, to the extent known, the nature of the breach, the categories and approximate number of data subjects and records affected, likely consequences, and the measures taken or proposed to address the breach.
13.3 Content-free communication.Consistent with Veripsa's incident process, breach communications describe events in structural terms (which subsystem, which tenants were affected) and do not echo source code or repository contents.
14. DPIA assistance
Taking into account the nature of the Processing and the information available to Veripsa, Veripsa will provide reasonable assistance to Customer with data protection impact assessments and prior consultations with supervisory authorities under Articles 35 and 36 GDPR.
15. Liability
15.1 Limits.Each party's liability under this DPA is subject to the limitations and exclusions of liability set out in the underlying Terms of Service. Nothing in this DPA limits any liability that cannot be limited under Applicable Data Protection Law.
15.2 No new warranties. This DPA does not create warranties or service-level commitments beyond those in the Terms of Service, the Trust Center, the Privacy Policy, the Security overview, or any future paid-plan terms published before those plans are available.
16. Order of precedence
In the event of a conflict between this DPA and the Terms of Service in relation to the Processing of Personal Data, this DPA prevails. In the event of a conflict between this DPA and the Standard Contractual Clauses (where they apply), the Standard Contractual Clauses prevail.
17. General
17.1 Changes. Veripsa may update this template as the product and applicable law evolve; material changes will be reflected here with a new Last updated date. A signed instance of this DPA in effect between the parties is governed by its own change-control terms.
17.2 Counterparts and signatures. This template is provided unsigned; a counter-signed instance may be executed by exchange of electronic signatures on request.
17.3 Contact. For DPA execution, sub-processor questions, or data subject requests requiring manual assistance: support@veripsa.com.