Last updated: 2026-07-12
This Data Processing Agreement (DPA) governs the processing of personal data by CloudForge Team GmbH on behalf of the customer, in accordance with Art. 28 GDPR.
CloudForge Team processes personal data solely to provide the CloudForge Sentinel service as described in the Master Service Agreement (MSA) and these Terms of Service.
We process personal data for: account management, service delivery, security (e.g. logging), billing, and customer support.
We process the following categories of personal data: - Account data (email, name) - Usage data (IP, browser, timestamps) - Customer-uploaded data (asset inventory, scan results, AI system metadata) - Support communications
Customers' employees, end users, and any individuals whose data is uploaded to the service by the customer.
Approved subprocessors: - Hetzner Online GmbH (Germany) – hosting - Cloudflare (EU) – CDN Customers will be notified 30 days before adding new subprocessors. Customers may object to new subprocessors.
We implement the following security measures: - TLS 1.3 encryption in transit - AES-256 encryption at rest - ISO 27001 certified data centers - Annual penetration tests - SOC 2 Type II controls - Access logging and monitoring - Multi-factor authentication for staff - Regular security training
We support the customer in fulfilling data subject rights (access, rectification, erasure, restriction, portability, objection) as required by GDPR.
We will notify the customer of any personal data breach within 72 hours of becoming aware, as required by Art. 33 GDPR.
Upon termination, all personal data is deleted within 30 days, unless legal retention obligations require longer storage.
Customers may audit our TOMs once per year with 30 days notice. We may satisfy audit requests with independent third-party audit reports (ISO 27001, SOC 2).
DPA inquiries: privacy@cloudforge.team