FailPack

Last updated June 11, 2026

Data Processing Addendum

How FailPack processes customer content and account data for Cloud, reports, artifacts, workspaces, and agent features.

These documents are written for FailPack users and reviewers. They describe how the product is intended to operate and are not a substitute for legal advice.

1. Purpose

This Data Processing Addendum describes how FailPack processes personal data on behalf of customers when they use FailPack Cloud, workspaces, report storage, billing, and agent features.

If a separate signed data processing agreement exists between FailPack and a customer, that signed agreement controls for that customer.

2. Roles

For customer content uploaded to FailPack Cloud, the customer is generally the controller or business, and FailPack is generally the processor or service provider. For account, billing, security, abuse-prevention, and service administration data, FailPack may act as an independent controller where applicable.

3. Processing instructions

FailPack processes customer content to provide the service, including authentication, workspace access, cloud sync, report storage, artifact retrieval, retention, deletion, billing entitlement checks, agent analysis, security monitoring, and support.

The customer's use of the product, settings, API, CLI, dashboard, and plan configuration constitutes processing instructions.

4. Categories of data

  • Account and identity data such as email address, name, provider identifiers, session records, and workspace membership.
  • Developer report data such as logs, command output, git context, manifests, source snapshots, prompts, bundles, hashes, and metadata.
  • Operational data such as audit logs, API events, security events, usage counters, billing identifiers, and support communications.

5. Security measures

  • Authentication and workspace authorization checks before private data access.
  • Optional 2FA and trusted-device controls.
  • Private object storage and backend-mediated artifact access.
  • Rate limiting, audit logging, token/session expiry, and abuse-prevention controls.
  • Provider access limited to what is needed to operate and secure FailPack.

6. Subprocessors

FailPack may use subprocessors as described at /legal/subprocessors. We remain responsible for subprocessors we engage to process customer content on our behalf.

7. Deletion and return

Customers may delete reports and request account or workspace deletion as described at /legal/data-deletion. Some records may be retained where needed for security, billing, legal compliance, backup recovery, or dispute handling.

8. International transfers

Data may be processed in countries where FailPack or its providers operate. Where required, transfers are supported by appropriate contractual, technical, and organizational measures provided by the relevant service providers.

9. Assistance

FailPack will provide reasonable assistance for data subject requests, deletion requests, security questions, and compliance inquiries where required by applicable law and technically feasible for the service.

10. Contact

DPA and privacy questions can be sent to [email protected].