Last updated 20 June 2026
This Data Processing Agreement (“DPA”) forms part of the Terms of Service between you (the “Customer”, acting as data controller) and Jyngle Technologies Private Limited, operating as Gideon (“Gideon”, acting as data processor), and governs Gideon’s processing of personal data on the Customer’s behalf. Where you are a business customer subject to the GDPR, UK GDPR, India’s DPDP Act, or similar laws, this DPA applies. A countersigned copy is available on request at audit@gideonhq.io.
The Customer is the controller and Gideon is the processor of any personal data contained in the logs the Customer submits. Gideon processes that data only to provide the service described in the Terms, and only on the Customer’s documented instructions (the Terms, this DPA, and your use of the product being such instructions).
| Subject matter | Generating security triage reports from the Customer’s AWS CloudTrail exports. |
|---|---|
| Duration | For the term of the Terms, plus the short retention window in section 6. |
| Nature & purpose | Automated investigation and classification of notable events; delivery of a report. |
| Types of data | CloudTrail management-event records — which API calls occurred, by whom, from where (e.g. usernames, ARNs, IP addresses, user-agents, timestamps). Not file contents, database contents, or credentials. |
| Data subjects | The Customer’s personnel and any identities that appear in the submitted logs. |
The Customer authorises Gideon to engage the following sub-processors, each bound by data-protection obligations no less protective than this DPA:
| Sub-processor | Purpose | Location |
|---|---|---|
| Cloudflare, Inc. | Website hosting & encrypted file storage | USA / global edge |
| Anthropic, PBC | AI model used to analyse logs and produce the report | USA |
| Paddle.com Market Ltd | Payment processing & Merchant of Record (billing data only) | UK / EU |
We will give reasonable notice of any new sub-processor; you may object on reasonable data-protection grounds, in which case we will work with you in good faith or you may terminate the affected service.
More detail is on our Security page.
Uploaded logs are used only to generate your report and are deleted within 7 days. On termination, or on the Customer’s written request, Gideon will delete or return remaining personal data unless retention is required by law.
On reasonable written request and no more than once per year (or following a personal-data breach), Gideon will provide information reasonably necessary to demonstrate compliance with this DPA.
Gideon is based in India and its sub-processors may process data in the United States, the EU/UK, and elsewhere. Where required, the parties will rely on an appropriate transfer mechanism (such as the EU Standard Contractual Clauses), which is incorporated by reference where applicable.
Gideon will notify the Customer without undue delay after becoming aware of a personal-data breach affecting the Customer’s data, and will provide information reasonably available to help the Customer meet its own notification obligations.
Each party’s liability under this DPA is subject to the limitations in the Terms of Service. This DPA is governed by the laws of India, with the courts at Bengaluru (Bangalore), Karnataka having exclusive jurisdiction, consistent with the Terms.
Data-protection enquiries: audit@gideonhq.io.
← Back to gideonhq.io