When This DPA Applies
This Data Processing Addendum applies where a business customer is the controller of personal data uploaded to GlideForge workspaces and GlideForge processes that personal data as processor to provide the service.
For account, billing, support, security, and service operation data, GlideForge acts as controller under the Privacy Policy.
Processing Details
| Item | Details |
|---|---|
| Subject matter | Hosting, processing, generating, storing, securing, exporting, and supporting ServiceNow delivery workspace content. |
| Duration | For the term of the customer account plus deletion, backup, legal, and security retention periods. |
| Nature and purpose | Providing AI-assisted planning, steps, tests, documentation, support, billing, security, and related product functionality. |
| Data subjects | Customer staff, customer end users, consultants, client contacts, and any individuals included in workspace content. |
| Categories of data | Names, business contact details, user identifiers, story details, notes, references, implementation context, generated outputs, and support content. |
| Special categories | Not intended. Customers must not upload special category data unless they have a lawful basis and written agreement that the service is suitable. |
Processor Obligations
- Process customer personal data only on documented instructions, including these Terms, the app workflow, and support requests.
- Use personnel and providers subject to confidentiality obligations.
- Apply appropriate technical and organisational measures for the platform.
- Assist with data subject requests, security incidents, deletion, and compliance where reasonable and legally required.
- Notify the customer without undue delay after becoming aware of a personal data breach affecting customer-controlled personal data.
Subprocessors and Transfers
The customer authorises GlideForge to use the subprocessors listed on the Subprocessors page. GlideForge remains responsible for subprocessor performance as required by applicable data protection law.
International transfers may use adequacy regulations, standard contractual clauses, UK international data transfer safeguards, or equivalent provider mechanisms.
Deletion and Return
On account closure or written request, GlideForge will delete or return customer personal data where reasonably possible, except where retention is required for legal, billing, security, dispute, backup, or legitimate operational reasons.
Audit and Liability
GlideForge will provide reasonable information needed to demonstrate compliance with this DPA. Any audit must be proportionate, protect other users and provider security, and avoid disruption.
Liability under this DPA is subject to the limits in the Terms unless applicable law requires otherwise.