Legal
Data Processing Agreement
Effective date: April 28, 2026
01
Definitions
The Customer acts as Controller and VisionHammer as Processor under the GDPR.
02
Scope and Purpose
VisionHammer processes Personal Data only to the extent necessary to provide the Service to the Customer, acting solely on the Customer's documented instructions.
03
Nature of Processing
Categories of data: names, business email addresses, log data, Git commit metadata. Duration: the term of the subscription plus 90 days following termination.
04
Obligations of the Processor
VisionHammer shall process Personal Data only on documented instructions; ensure confidentiality; implement appropriate security measures; assist with Data Subject requests; delete or return Personal Data on termination; and notify of any breach without undue delay.
05
Security Measures
| Execution locality | Source code is processed within the Customer infrastructure and is never transferred to VisionHammer servers. |
| Encryption in transit | All network traffic is encrypted via HTTPS/TLS 1.2+. |
| Access controls | Least-privilege role-based access. MFA required for all administrative access. |
| Audit logging | All access events are logged and retained for review. |
| OAuth-first architecture | No long-lived credentials are stored. Customer authorisation is granted and revoked via OAuth. |
06
Sub-processors
VisionHammer engages the sub-processors listed below. The Customer will be notified at least 30 days before any change.
| Provider | Purpose | Location |
|---|---|---|
| AWS | Infrastructure | USA |
| Anthropic | AI inference | USA |
| Google Gemini | AI inference | USA |
| Stripe | Payments | USA / EU |
VISIONHAMMER, Lda. · Lisbon, Portugal
← Back to home