Data Processing Addendum (DPA) for Life in Codes apps on Atlassian Marketplace

Last Updated: February 16, 2026

This Data Processing Addendum (“DPA”) forms part of the Master Service Agreement or End User License Agreement (the “Agreement”) between Life in Codes Solutions SRL, a company incorporated in Romania (Registry code: 32426790), having its registered office at bld Independentei, bl 106, sc A, ap 19, cam 1, Giurgiu 080115, Romania (“Life in Codes”), and the entity subscribing to Life in Codes’ apps on the Atlassian Marketplace (“Customer”).

1.1. “Data Protection Laws” means all laws and regulations applicable to the Processing of Personal Data under the Agreement, including the EU General Data Protection Regulation (2016/679) (“GDPR”) and any applicable national implementing laws.

1.2. “Customer Personal Data” means any Personal Data processed by Life in Codes on behalf of the Customer in the course of providing the apps and services.

1.3. “Sub-processor” means any third party appointed by Life in Codes to process Customer Personal Data.

1.4. The terms “Controller”, “Processor”, “Data Subject”, “Personal Data”, and “Processing” shall have the meanings given to them in the GDPR.

2.1. Roles: The parties acknowledge that for the purposes of the GDPR, the Customer is the Controller and Life in Codes is the Processor of Customer Personal Data.

2.2. Instructions: Life in Codes shall process Customer Personal Data only on documented instructions from the Customer, including with regard to transfers of personal data to a third country, unless required to do so by EU or Member State law.

3.1. Confidentiality: Life in Codes ensures that persons authorized to process the personal data have committed themselves to confidentiality.

3.2. Security: Life in Codes shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, as required by Article 32 of the GDPR. (See Annex II).

3.3. Assistance: Taking into account the nature of the processing, Life in Codes shall assist the Customer by appropriate technical and organizational measures, insofar as this is possible, for the fulfillment of the Customer’s obligation to respond to requests for exercising the Data Subject's rights.

4.1. Authorization: The Customer provides a general authorization for Life in Codes to engage Sub-processors. A list of current Sub-processors is available in Annex III.

4.2. Notification: Life in Codes shall inform the Customer of any intended changes concerning the addition or replacement of Sub-processors, giving the Customer the opportunity to object.

4.3. Liability: Life in Codes remains fully liable to the Customer for the performance of the Sub-processor’s obligations.

5.1. EEA Transfers: Life in Codes is headquartered in Romania (EEA), with offices also in Estonia, Belgium, UK and UAE. If Customer Personal Data is transferred outside the EEA to a country not recognized as providing an adequate level of protection, the parties shall ensure that Standard Contractual Clauses (SCCs) or other valid transfer mechanisms are in place.

6.1. Life in Codes shall notify the Customer without undue delay (and in any event within 48 hours) after becoming aware of a personal data breach. Life in Codes will provide sufficient information to allow the Customer to meet its obligations to report the breach to authorities or data subjects.

7.1. Upon termination of the Agreement, Life in Codes shall, at the choice of the Customer, delete or return all Customer Personal Data, unless EU or Member State law requires storage of the personal data.

• Subject Matter: The provision of Life in Codes apps (e.g., Issue Preview, Attachment Locker, etc..) on the Atlassian Marketplace.

• Duration: The term of the Customer’s subscription to the apps.

• Nature and Purpose: To provide app functionality, technical support, and analytics.

• Categories of Data Subjects: Users of the Customer’s Atlassian (Jira/Confluence) instance.

• Types of Personal Data:

  • Atlassian Account IDs

  • User Display Names and Email Addresses

  • Metadata related to app usage (e.g., timestamps, logs)

  • Attachment metadata in the case of Attachment Locker for Confluence

Life in Codes prioritizes a "Privacy by Design" architecture. For our cloud-based applications, we utilize the Atlassian Forge platform, which allows us to provide functionality without hosting our own external databases for Customer Personal Data.

1. Data Residency and Hosting (Atlassian Forge)

• Infrastructure: For the Attachment Locker app, all compute and storage are provided by Atlassian’s Forge infrastructure. Customer Personal Data remains within the Atlassian cloud environment and is subject to Atlassian’s enterprise-grade security standards, with the exception of email notifications (see Sub-processors in ANNEX III)

• Data Isolation: Data is logically isolated within Atlassian’s multi-tenant architecture, ensuring that one customer’s data cannot be accessed by another.

2. Encryption

• In Transit: All data transmitted between the user’s browser and the Forge environment is encrypted using industry-standard Transport Layer Security (TLS 1.2+).

• At Rest: Any configuration data stored via Forge APIs is encrypted at rest by Atlassian using AES-256 or higher.

3. Access Control and Minimalist Processing

• Administrative Access: Life in Codes staff have no access to the Customer’s Confluence content. Access to app configuration logs is restricted to authorized developers and is used only for troubleshooting.

• Egress Control: Our Forge apps are configured with strict egress permissions, preventing the unauthorized transfer of data to external, non-Atlassian domains.

4. Data Center & On-Premise Apps (Out of Scope)

• For apps such as Issue Preview, all processing occurs exclusively within the Customer’s own infrastructure. Life in Codes has no access to, and does not transmit, any Customer Personal Data from these environments.