Skip to content

Logfire Data Processing Addendum

Last update: 2024-09-24

This Data Processing Addendum ("Addendum") is incorporated into the Logfire Terms of Service (the "Logfire Terms") between Customer (as defined below) and Pydantic Services Inc. ("PSI"). This Addendum will become legally binding upon the effective date of the Logfire Terms. This Addendum reflects the parties' commitment to abide by Data Protection Laws (as defined below) concerning the Processing of the Customer's Personal Data. Any capitalized terms that are not defined herein shall have the meaning set forth in the Logfire Terms. If this Addendum conflicts with the Logfire Terms, this Addendum shall control.

1. Definition

For the purposes of this Addendum, the foll terms and those defined within the body of this Addendum apply. All capitalized terms that are not expressly defined in this Addendum will have the meanings given to them in the Cloud Terms.

  • "Customer", "you", "your" means the individual or organization that agrees to the Logfire Terms.

  • "Customer Personal Data" means all Personal Data within the Client Data.

  • "Data Protection Laws" means all applicable data privacy, data protection, and cybersecurity laws, rules and regulations to which the Customer Personal Data are subject. "Data Protection Laws" may include, but is not limited to, the California Consumer Privacy Act of 2018 ("CCPA"); the EU General Data Protection Regulation 2016/679 ("GDPR") and its respective national implementing legislations; the Swiss Federal Act on Data Protection; the United Kingdom General Data Protection Regulation; and the United Kingdom Data Protection Act 2018 (in each case, as amended, adopted, or superseded from time to time).

  • "Personal Data" has the meaning assigned to the term "personal data" or "personal information" under applicable Data Protection Laws.

  • "Process" or "Processing" means any operation or set of operations which is performed on Personal Data or sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.

  • "Security Incident(s)" means the breach of security leading to the unauthorized or unlawful Processing of Customer Personal Data attributable to PSI.

  • "Subprocessor(s)" means any individual or organization that processes Customer Personal Data on PSI's behalf.

  • "Logfire Services" means the Services as defined in the Logfire Terms.

2. Processing Terms for Customer Personal Data

  • Documented Instructions. PSI shall Process Customer Personal Data to provide the Logfire Services in accordance with the Logfire Terms, this Addendum, and any instructions mutually agreed upon by parties in writing. PSI will, unless legally prohibited from doing so, inform Customer in writing if it reasonably believes that there is a conflict between Customer's instructions and applicable law or otherwise seeks to Process Customer Personal Data in a manner that is inconsistent with Customer's instructions.

  • Authorization to Use Subprocessors. To the extent necessary to fulfill PSI's contractual obligations under the Logfire Terms, Customer hereby authorizes PSI to engage Subprocessors. PSI maintains a list of our Subprocessors. We will update this list at least seven days before the addition of or replacement of any Subprocessor. Customer may terminate the Logfire Services if it does not agree to any such addition or replacement.

  • PSI and Subprocessor Compliance. PSI agrees to (i) enter into a written agreement with Subprocessors regarding such Subprocessors' Processing of Customer Personal Data that imposes data protection requirements on such Subprocessors for Customer Personal Data that are consistent with this Addendum; and (ii) remain responsible to Customer for Subprocessors' failure to perform their obligations with respect to the Processing of Customer Personal Data.

  • Confidentiality. Any person authorized to Process Customer Personal Data must be legally bound or obligated to maintain the confidentiality of such information.

  • Personal Data Inquiries and Requests. Where required by Data Protection Laws, PSI agrees to provide reasonable assistance and comply with reasonable instructions from Customer, at Customer's expense, related to any requests from individuals exercising their rights in Customer Personal Data granted to them under Data Protection Laws. PSI will notify Customer without undue delay if it receives any request from an individual seeking to exercise rights relating to Personal Data under Data Protection Laws or any request or inquiry regarding the processing of Customer Personal Data from a regulator, supervisory authority, law enforcement agency, or other governmental or official body.

  • Sale or Sharing of Customer Personal Data Prohibited. PSI shall not sell or share Customer Personal Data as the terms "sell" and "share" are defined in the CCPA.

  • Data Protection Impact Assessment and Prior Consultation. Where required by Data Protection Laws, PSI agrees to provide reasonable assistance at Customer's expense to Customer when, in Customer's reasonable judgement, the type of Processing performed by PSI requires a data protection impact assessment and/or prior consultation with the relevant data protection authorities.

  • Demonstrable Compliance. PSI agrees to provide information reasonably necessary to demonstrate compliance with this Addendum upon Customer's reasonable request and to reasonably cooperate with Customer to remedy any unauthorized processing of Customer Personal Data.

  • Aggregation and De-Identification. PSI may: (i) compile aggregated and/or de-identified information in connection with providing the Logfire Services provided that such information cannot reasonably be used to identify Customer or any data subject to whom Customer Personal Data relates ("Aggregated and/or De-Identified Data"); and (ii) use Aggregated and/or De-Identified Data for its lawful business purposes.

3. Information Security Program

PSI shall use commercially reasonable efforts to implement and maintain reasonable administrative, technical, and physical safeguards designed to protect Customer Personal Data.

4. Security Incidents

Upon becoming aware of a Security Incident, PSI agrees to provide you with written notice without undue delay and, in any event, within seventy-two hours.

5. Cross-Border Transfers of Customer Personal Data

  • Cross-Border Transfers of Personal Data. Customer authorizes PSI and its Subprocessors to transfer Customer's Personal Data, across international borders, including from the European Economic Area ("EEA"), Switzerland, and/or the United Kingdom to the United States.

  • EEA, Swiss, and UK Standard Contractual Clauses. If Customer Personal Data originating in the EEA, Switzerland, and/or the United Kingdom is transferred by virtue of Customer's use of the Logfire Service to a country that has not been found to provide an adequate level of protection under applicable Data Protection Laws and PSI has not enacted any other suitable mechanism to render such transfer lawful under Data Protection Laws, the parties agree that the transfer shall be governed by appropriate standard data protection clauses as set forth below.

  • With regard to transfers out of the EEA or Switzerland, the appropriate modules of the "EU Standard Contractual Clauses" ("SCCs") set forth in the "Annex to the COMMISSION IMPLEMENTING DECISION on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679" and presently available here shall apply. The optional clause 7 of the SCCs shall not apply. In situations where Clause 9 applies, "Option 2" and the time period of seven days shall apply in Clause 9(a). The optional component of Clause 11 shall not apply. In Clause 17, "Option 1" and the law of the Republic of Ireland shall apply. The blank in Clause 18(b) shall read "Ireland." The appendix shall be deemed to include the information about the transfers set forth throughout this Addendum and the Logfire Terms. By agreeing to the LogFire Terms, the parties deem the SCCs to be legally binding as if they had been physically signed by both parties.

  • With regard to transfers out of the United Kingdom, the "International Data Transfer Addendum to the EU Commission Standard Contractual Clauses" ("IDTA") that is presently available here shall apply. Tables 1-3 in the IDTA shall be deemed to refer to the SCCs and the other information set forth throughout this Addendum and the Logfire Terms. For purposes of Table 4, the "Importer" and "Exporter" options shall apply.

6. Audits

Where Data Protection Laws afford Customer an audit right, Customer (or Customer's mutually agreeable appointed representative) may, at Customer's expense, carry out an audit of PSI's policies, procedures, and records relevant to the Processing of Customer Personal Data. Any audit must be:

  1. conducted during PSI's regular business hours;
  2. with reasonable advance notice to PSI;
  3. carried out in a manner that prevents unnecessary disruption to PSI's operations; and
  4. subject to reasonable confidentiality procedures.

In addition, any audit shall be limited to once per year, unless an audit is carried out at the direction of a government authority having proper jurisdiction.

7. Customer Personal Data Deletion

At the expiration or termination of the Logfire Terms, PSI will, at Customer's option and at PSI's then-current rate, delete or return all Customer Personal Data (excluding any back-up or archival copies which shall be deleted in accordance with PSI's data retention schedule), except where PSI is required to retain copies under applicable laws, in which case PSI will isolate and protect that Customer Personal Data from any further Processing except to the extent required by applicable laws.

8. Customer's Obligations

Customer represents and warrants that (i) it has complied and will comply with Data Protection Laws; (ii) it has provided data subjects whose Customer Personal Data will be Processed in connection with the Agreement with a privacy notice or similar document that clearly and accurately describes Customer's practices with respect to the Processing of Customer Personal Data; (iii) it has obtained and will obtain and continue to have, during the term, all necessary rights, lawful bases, authorizations, consents, and licenses for the Processing of Customer Personal Data as contemplated by this Addendum and the Logfire Terms; and (iv) PSI's Processing of Customer Personal Data in accordance with this Addendum and the Agreement will not violate Data Protection Laws or cause a breach of any agreement or obligations between Customer and any third party.

9. Processing Details

  • Purpose of Processing. The purpose of the Processing is to provide increased visibility into the use of Customer's software in accordance with the Logfire Terms.

  • Subject Matter. The subject matter of the Processing is the Logfire Services pursuant to the Cloud Terms.

  • Duration. The Processing will continue until the expiration or termination of the Logfire Terms.

  • Categories of Data Subjects. Data subjects whose Customer Personal Data will be Processed pursuant to the Logfire Terms.

  • Types of Customer Personal Data. Customer Personal Data that is Processed pursuant to the Logfire Terms.

  • Contact Information for PSI. Privacy inquiries may be directed to PSI at legal@pydantic.dev or by post to: Pydantic, 1207 Delaware Ave #1225 Wilmington, DE 19806. Privacy inquiries may be directed to Customer using the information associated with Customer's registration with PSI.

  • Frequency of Transfers: Continuous.