Last updated: May 19, 2026
This Data Processing Addendum ("DPA") forms part of the Terms of Service between Release Cadence ("Processor") and the customer ("Controller"). It applies when the Controller is subject to data protection legislation, including the EU General Data Protection Regulation (GDPR) and UK GDPR.
Release Cadence processes personal data to provide the Services as described in the Terms of Service, including product feedback collection, survey management, roadmap management, and Atlassian integration features.
Processing continues for the duration of the Controller's subscription to the Services, and for the data retention period thereafter as described in the Privacy Policy (up to 90 days following termination).
Release Cadence processes personal data to:
Release Cadence will process personal data only on documented instructions from the Controller, including as set out in this DPA and the Terms of Service. If Release Cadence is required by applicable law to process personal data in a manner not covered by the Controller's instructions, it will inform the Controller before such processing unless prohibited from doing so by law.
Release Cadence will ensure that personnel authorized to process personal data are bound by appropriate confidentiality obligations.
Release Cadence implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
The Controller authorizes Release Cadence to engage the sub-processors listed in the Privacy Policy (Section 4.1). Release Cadence will inform the Controller of any intended changes to that list (additions or replacements) with reasonable notice, giving the Controller the opportunity to object. Release Cadence imposes data protection obligations on sub-processors equivalent to those in this DPA.
Release Cadence will assist the Controller, by appropriate technical and organizational measures, in fulfilling its obligation to respond to requests from data subjects exercising their rights under applicable data protection law (including rights of access, rectification, erasure, restriction, portability, and objection). To submit a data subject rights request on behalf of your organization, contact privacy@releasecadence.dev.
Taking into account the nature of processing and the information available, Release Cadence will assist the Controller in ensuring compliance with its obligations regarding security, breach notification, data protection impact assessments, and prior consultation with supervisory authorities.
Release Cadence will notify the Controller without undue delay upon becoming aware of a personal data breach affecting the Controller's data, providing sufficient information to allow the Controller to meet its obligations under applicable data protection law. Notifications will be sent to the Controller's registered account email address.
Upon termination of the Services, Release Cadence will, at the Controller's election, delete or return all personal data processed on behalf of the Controller, and delete existing copies, unless applicable law requires storage of the personal data. Data export is available through the platform prior to account termination. Following termination, personal data is deleted within 90 days.
Release Cadence will make available all information necessary to demonstrate compliance with the obligations in this DPA and will allow for and contribute to audits, including inspections, conducted by the Controller or a mandated auditor. Audit requests should be submitted to legal@releasecadence.dev.
Release Cadence's infrastructure is located in the United States. Where personal data is transferred from the European Economic Area (EEA) or the United Kingdom to the United States, such transfers are made under the Standard Contractual Clauses adopted by the European Commission (where applicable), or other lawful transfer mechanisms.
Controllers who require Standard Contractual Clauses as part of this DPA may request the executed SCCs by contacting legal@releasecadence.dev.
The Controller represents and warrants that:
This DPA is governed by the same law as the Terms of Service between the parties. To the extent required by applicable data protection law, the GDPR or UK GDPR shall take precedence over the governing law of the Terms of Service with respect to data protection matters.
Questions about this DPA, data subject rights requests, or requests for executed Standard Contractual Clauses:
Email: legal@releasecadence.dev
Privacy inquiries: privacy@releasecadence.dev