Data Processing Addendum
Last updated: April 26, 2026
This addendum applies whenever you use the Agency plan to forward alerts or weekly reports from NoCrash to your clients' email addresses (the client_email on a connection, or any other forwarded recipient you configure). It forms part of the Terms of Service and the Privacy Policy.
In plain GDPR terms: you (the agency) are the data controller for your client's email address; NoCrash (Global Leap OÜ) is the processor. This page is the Article 28 contract between us for that processing.
It only covers forwarded recipients. Your own account data (your email, your billing details, the events from your connected tools) is covered by the main Privacy Policy, where NoCrash acts as a controller jointly with you.
Subject matter and duration
- Subject matter: delivery of operational alert emails and weekly report emails from NoCrash to a recipient address you configured.
- Duration: for as long as the connection (or the forwarded-recipient configuration on it) exists in your account. When you delete the connection or remove the recipient, processing stops.
Nature and purpose of processing
- Sending alert emails when a watched workflow fails or recovers.
- Sending weekly report emails summarising workflow activity.
- Honouring unsubscribe requests from your client (disabling forwarding for that recipient and notifying you).
We do not use your client's email for any other purpose — no marketing, no profiling, no sale.
Personal data processed
- Email address of the recipient (required).
- Display name of the recipient (optional, only if you provide client_name).
- Delivery metadata: timestamp of each send, message ID, delivery/bounce/complaint status from our email provider.
No other categories of personal data about your client are processed under this addendum.
Categories of data subjects
Your clients — the people whose email addresses you enter as forwarded recipients on a NoCrash connection.
Sub-processors
We use the following sub-processors to deliver forwarded emails and, where you have enabled them, the related alert and AI-assistant features:
- Amazon Web Services, Inc. — Amazon Simple Email Service (SES). Region: US East (N. Virginia, us-east-1). Purpose: SMTP delivery of the forwarded email. Personal data transferred: recipient email address, sender details, message content, delivery metadata. Cross-border transfers from the EU/EEA to the United States rely on the EU-US Data Privacy Framework (AWS is certified) and, where required, on the European Commission's Standard Contractual Clauses included in the AWS Data Processing Addendum.
- Slack Technologies, LLC. Region: United States. Purpose: delivery of alert messages to a Slack workspace, if you have enabled Slack as an alert channel and the alert relates to a connection that has a forwarded recipient configured. Personal data transferred: the recipient identifier you configured in Slack (channel or user) and the body of the alert message. Cross-border transfers rely on the EU-US Data Privacy Framework (Slack is certified) and Standard Contractual Clauses as a fallback.
- Anthropic, PBC. Region: United States. Purpose: generation of the AI-written portion of weekly reports and answering questions from your own AI assistants over MCP (see "MCP access" below), where those outputs reference a forwarded recipient. Personal data transferred: the recipient's display name (if you provided one) and any event metadata your assistant asks about. We reach Anthropic through OpenRouter today; both are named here so you have the full chain. Anthropic does not train on this data. Cross-border transfers from the EU/EEA to the United States rely on the EU-US Data Privacy Framework (Anthropic is certified) and Standard Contractual Clauses as a fallback transfer mechanism, as included in the Anthropic data processing addendum.
- OpenRouter, Inc. Region: United States. Purpose: routing the prompts described above to the language-model provider (today, Anthropic). Personal data transferred: the same compact event description we send to Anthropic. OpenRouter is not currently DPF-certified, so transfers rely on Standard Contractual Clauses included in the OpenRouter data processing addendum.
We will give you 30 days' notice (via email to your account address, or via an in-app banner) before adding or replacing a sub-processor used for forwarded recipients. If you object, you can disable forwarding or terminate the Agency plan; we'll refund any unused portion of a prepaid annual term.
MCP access (your own AI assistants)
If you connect your own AI assistant (Claude Desktop, Cursor, or any other Model Context Protocol client) to NoCrash using your API key, that assistant can ask NoCrash for the list of watches, recent events, and the daily brief on your behalf. Where those answers reference a forwarded recipient (for example, a recipient's display name appearing in a brief), the event data leaves NoCrash to reach the assistant and, in turn, the assistant's own language-model provider.
You control this entirely: nothing flows over MCP unless you have connected an assistant with your API key, and revoking the key in Settings ends the connection right away. NoCrash never pushes data to an MCP client on its own. You are responsible for choosing which assistants to connect and for the privacy terms of their underlying providers (for most users, that means Anthropic — see Sub-processors above).
Data retention
- The recipient email address is stored only on the connection record. When you delete the connection or remove the recipient, the address is deleted within 30 days (the same retention window as the rest of your account data).
- Delivery metadata (send timestamp, message ID, bounce/complaint status) is retained for 12 months for audit and abuse prevention, then deleted automatically. Legal basis: legitimate interests (GDPR Article 6(1)(f)) — security, abuse prevention, and processor audit obligations under Article 28(3)(h).
- If a recipient unsubscribes, we keep a hashed record of the opt-out indefinitely so we don't accidentally re-send to them if you re-enable the forwarding. Technical detail: the unsubscribe record is stored as a one-way SHA-256 hash that we cannot reverse to reveal the underlying email address. We retain it indefinitely solely to honour the data subject's own Article 21 right of objection and to comply with US CAN-SPAM law (§316.5), which requires us to maintain a suppression list in perpetuity.
- We do not retain forwarded recipients independently of the connection. There is no marketing list to export.
- AWS SES bounce/complaint handling: In addition to NoCrash's own unsubscribe tracking, Amazon Simple Email Service automatically suppresses hard bounces and complaint reports account-wide for a minimum of 14 days and offers a permanent suppression-list feature. We use SES's bounce/complaint handlers to detect and log hard bounces and abuse complaints, and the resulting suppressions are managed through SES's suppression list. This is a processor action (SES is our sub-processor), and the email addresses on the SES suppression list are treated as withdrawn consent for forwarding purposes — we will not re-enable forwarding for a hard-bounced address without explicit re-opt-in.
Data subject rights
Your client can exercise their GDPR rights two ways:
- Directly through us — every forwarded email includes a List-Unsubscribe header and a footer unsubscribe link. Clicking it disables forwarding for that recipient across all of your connections that use the same address, and we notify you that the opt-out happened.
- Through you — for access, correction, erasure, portability, restriction, or objection beyond unsubscribe, your client should contact you (the controller). We will assist you in responding within the GDPR deadlines on request, at no additional charge for reasonable volumes.
If your client contacts NoCrash directly with a rights request that goes beyond unsubscribe, we will forward the request to you within 5 business days and confirm receipt to your client.
Confidentiality and security
- NoCrash personnel with access to forwarded-recipient data are bound by written confidentiality obligations.
- Recipient email addresses are stored in our PostgreSQL database, encrypted at rest at the disk level and protected in transit by TLS.
- Access to production data is restricted to a small number of named operators and logged.
- We will implement and maintain technical and organisational measures appropriate to the risk, as required by GDPR Article 32.
Personal data breaches
If we become aware of a personal data breach affecting forwarded recipients, we will notify you without undue delay and in any event within 72 hours of discovery, with enough detail for you to meet your own notification obligations under GDPR Article 33.
Notification will be sent to the email address on your NoCrash account.
Audit rights
You have the right to audit our compliance with this addendum once per 12-month period, on 30 days' written notice, during normal business hours, and without disrupting our operations. In practice, we'll satisfy most audit requests by sharing our existing security documentation (architecture summary, sub-processor list, breach-response playbook, recent penetration-test or vulnerability-scan summary).
If your auditor needs access to systems or staff, we'll work out scope, cost, and confidentiality terms in advance. The cost of any on-site or deep-technical audit is borne by the requesting party unless the audit reveals a material breach of this addendum.
International transfers
NoCrash's servers and our sub-processors (Amazon SES in region us-east-1, Slack, Anthropic, and OpenRouter) are located in the United States.
Personal data of EU/EEA, UK, or Swiss data subjects is therefore transferred to the United States. We rely, in this order of preference, on:
- The EU-US Data Privacy Framework, the UK Extension, and the Swiss-US Data Privacy Framework adequacy decisions (verifiable at dataprivacyframework.gov) for sub-processors that are self-certified under the DPF;
- The European Commission's Standard Contractual Clauses (Module 3, processor-to-sub-processor) as included in each sub-processor's data processing addendum, as a fallback transfer mechanism if the DPF certification is suspended or invalidated, or as the primary mechanism for any sub-processor that is not DPF-certified.
The per-sub-processor mapping is as follows:
- Amazon Web Services, Inc. — DPF-certified; SCCs (Module 3, in the AWS Data Processing Addendum) as fallback.
- Slack Technologies, LLC — DPF-certified (through its parent Salesforce, Inc.); SCCs as fallback.
- Anthropic, PBC — DPF-certified; SCCs (included in the Anthropic data processing addendum) as fallback.
- OpenRouter, Inc. — not currently DPF-certified; SCCs (included in the OpenRouter data processing addendum) as the primary transfer mechanism.
We have assessed the transfer in light of Schrems II (CJEU C-311/18) and the additional safeguards introduced by US Executive Order 14086 of October 2022, and consider each recipient's certification (or SCCs where certification is not available), combined with the limited nature of the personal data transferred (recipient email address and message metadata, no special-category data), to provide protection essentially equivalent to that guaranteed within the EU.
NoCrash acts as data exporter and each US sub-processor named above acts as data importer for the purposes of the SCCs.
End of processing
When you delete a connection, remove the forwarded recipient from it, downgrade off the Agency plan, or terminate your account, we stop processing the relevant recipient address and delete it within 30 days, except for:
- The hashed unsubscribe record (kept indefinitely so we honour the opt-out forever), and
- Delivery metadata (kept for the 12-month audit window described above).
On request, we will confirm in writing that deletion has occurred.
Changes to this addendum
If we change anything material — for example, adding or replacing a sub-processor, or changing the retention windows — we will update the "Last updated" date at the top, email you, and give you 30 days to object before the change applies. Small wording fixes won't trigger an email.
Contact
Questions about this addendum, sub-processors, or breach notifications: [email protected].
NoCrash is operated by Global Leap OÜ, an Estonian company (registry no. 17384878). Contact: [email protected].