Legal
Data Processing Agreement
Last updated: 18 June 2026
1. Introduction
This Data Processing Agreement ("DPA") describes how IntegraCI ("we", "us"), the operator of the IntegraCI managed platform, registered in New Zealand, processes personal data on behalf of customers ("you") who use the managed service. It is published for transparency during public beta and forms the template for the signed DPA we offer Enterprise customers.
2. Scope & roles
For personal data you submit to or generate on the managed platform, you act as the data controller and IntegraCI acts as your data processor: we process that data only on your documented instructions, which are the use of the service as configured by you, plus any written instructions you give us. For self-hosted deployments, you operate the software on your own infrastructure and are the sole controller and processor; this DPA covers the managed service only.
3. Nature & purpose of processing
We process personal data solely to provide, secure, meter, and support the managed service. The categories of data and processing are limited to:
- Account data: names, work emails, and the credentials users set at signup, used to authenticate and administer your tenant.
- Tenant configuration: organisation name, tenant slug, plan, and non-secret connector configuration that defines how your platform is set up.
- Operational telemetry: pipeline runs, deploy events, audit-log entries, and aggregate usage metrics used for billing, quotas, reliability, and incident response.
Processing lasts for the term of your subscription and the limited retention windows described in the Privacy notice. We do not sell personal data and do not process it for our own independent purposes.
4. Security measures
We maintain technical and organisational measures appropriate to the risk. These are properties of the platform itself:
- Tenant isolation: Postgres Row-Level Security with FORCE across tenant tables, fail-closed and transaction-scoped, so isolation lives at the database engine itself.
- Secret handling: connector secrets are routed into OpenBao under your tenant-scoped path. Postgres holds only an opaque reference, never the plaintext credential.
- Credential hashing: account passwords are hashed with bcrypt; we never store or see the plaintext.
- Tamper-evident audit trail: state-changing actions are recorded in an append-only audit log chained with a SHA-256 rolling hash, so tampering is cryptographically detectable.
- Encryption: data is encrypted in transit (TLS) and at rest, and secrets stay outside the application database, logs, and backups in plaintext.
5. Sub-processors
We engage a limited set of sub-processors to deliver the managed service. Each is bound by data-protection terms consistent with this DPA. The current categories are:
| Sub-processor | Purpose | Data processed |
|---|---|---|
| Cloud hosting provider | Compute, storage, and network for the managed platform | All categories above, as hosted |
| Stripe | Subscription billing, trials, and dunning | Billing contact and payment metadata |
The current, complete list of sub-processors is available on request and is updated here as it changes.
6. International transfers
Where personal data is transferred across borders in the course of providing the service, we rely on appropriate safeguards. These include the European Commission’s Standard Contractual Clauses (SCCs) and equivalent mechanisms where applicable, together with the technical measures described above.
7. Data-subject requests & sub-processor changes
We assist you in responding to data-subject requests. The platform exposes self-service data export and right-to-erasure workflows for tenant owners; for anything that is not self-service, contact us and we will help you respond within the timeframes the law requires. Where we add or replace a sub-processor, we will update the list above and, for Enterprise customers under a signed DPA, give the advance notice that agreement specifies so you may object on reasonable data-protection grounds.
8. Beta template & signed DPA
This page is a beta template published for transparency. It is not a signed agreement, and it is not a substitute for legal advice; it requires review by your own counsel before you rely on it. IntegraCI ships pre-built compliance policy bundles, but is not certified against any framework. A signed Data Processing Agreement, which supersedes this page, is available for Enterprise customers. Contact [email protected].
This DPA describes the IntegraCI managed service, operated by IntegraCI (registered in New Zealand), during public beta. It is a template for transparency, not a signed agreement. Enterprise customers: a signed Data Processing Agreement is available and supersedes this page. Contact [email protected].