Maintainium Data Processing Addendum (Beta)

Last Updated: March 2026

‍1. Definitions and Roles

"Controller": The Client (who owns the code and the data within it).

‍"Processor": Maintainium (who processes the data on the Client’s behalf).

‍"Personal Data": Any information relating to an identified or identifiable natural person found within the repository (e.g., employee names in comments, user emails in test databases, or contributor metadata).

‍2. Scope of Processing

‍The Processor will process Personal Data only to the extent necessary to provide the AI-driven maintenance services, including dependency analysis, security patching, and code refactoring. Processing is limited to the duration of the beta agreement.

‍3. Processor’s Obligations

‍Maintainium agrees to:

‍Instructions: Process Personal Data only on documented instructions from the Controller.

‍Confidentiality: Ensure that all personnel authorized to access the code are subject to strict confidentiality obligations.

‍Security: Implement appropriate technical and organizational measures (TOMs) to protect against unauthorized access or data breaches.

‍Sub-processors: Maintainium currently uses AWS, OpenAI, and Github to provide the service. We will notify you of any intended changes to this list.

‍4. Data Subject Rights

‍Maintainium will provide reasonable assistance to the Client to respond to requests from individuals exercising their rights under data protection laws (e.g., requests for deletion or access to data found in the code).

‍5. Personal Data Breach

‍In the event of a suspected or actual data breach affecting the Client’s repository data, Maintainium will notify the Client without undue delay (within 72 hours) and provide a detailed report of the incident and mitigation steps.

‍6. Deletion or Return of Data

‍Upon termination of the service or at the Client’s request, Maintainium will delete or return all Personal Data, unless required by law to retain specific records.