Last updated Nov 17, 2022

About the Forge Data Processing Addendum

The Forge Data Processing Addendum (Forge DPA) is incorporated by reference in the Forge Terms, which all Forge developers must comply with in order to use the Forge platform.

How to accept the Forge Terms and the Forge DPA

A data processing addendum is a contract that outlines the rights and obligations of each party (in this case, Atlassian and Forge developers) concerning the protection of personal data.

Under the Forge DPA, Atlassian predominantly acts as a processor of personal data on behalf of Forge developers in connection with the provision of the Forge platform. However, in certain circumstances, Atlassian acts as a controller of personal data (for example, to comply with applicable laws, to ensure the security of the Forge platform, and to administer Forge services, including the Forge command-line interface). For more information, refer to Section 1.2 and Annex 1(B), Part B of the Forge DPA.

The Forge DPA also incorporates the EU standard contractual clauses (EU SCCs), which govern cross-border transfers of developers' (and their customers') personal data to Atlassian. The EU SCCs provide a mechanism to transfer European Economic Area (EEA) residents' data out of the EEA in a manner that is compliant with the General Data Protection Regulation (GDPR).

The Forge DPA also includes certain interpretative provisions to ensure that the EU SCCs apply to transfers of UK and Switzerland residents' personal data outside of those countries.

For more information, see these resources:

Rate this page: