Linzumi Open app

Linzumi Data Processing Addendum

Last updated: June 7, 2026

This Data Processing Addendum ("DPA") is for customers that need contractual data-processing terms.

1. Parties

This DPA is between Linzumi, Inc. ("Linzumi") and the customer entity that has agreed to the Terms of Service, Cloud Service Agreement, order form, or other written agreement for the Service ("Customer").

2. Definitions

"Customer Personal Data" means personal data contained in Customer Content that Linzumi processes on behalf of Customer to provide the Service.

"Data Protection Laws" means privacy and data protection laws applicable to Linzumi's processing of Customer Personal Data under the Agreement.

"Controller", "processor", "business", "service provider", "personal data", "personal information", "processing", and similar terms have the meanings given under applicable Data Protection Laws.

3. Roles

For Customer Personal Data, Customer is the controller/business and Linzumi is the processor/service provider, except where Linzumi processes personal information as an independent controller for account administration, security, billing, legal compliance, product analytics, or business operations described in the Privacy Policy.

4. Processing Instructions

Linzumi will process Customer Personal Data only:

  • To provide, secure, support, and improve the Service.
  • According to Customer's documented instructions.
  • As required by law.
  • As otherwise permitted by the Agreement and this DPA.

The Agreement, product configuration, GitHub permissions, user actions, and support requests are Customer's documented instructions.

5. Subject Matter And Details Of Processing

Subject Matter

Provision of Linzumi's AI-assisted collaboration, GitHub integration, project workspace, agent workflow, document, image, and related services.

Duration

The term of the Agreement plus any retention period required or permitted by the Agreement, law, backups, security, or deletion practices.

Categories Of Data Subjects

  • Customer users.
  • Customer employees, contractors, agents, and collaborators.
  • GitHub users whose information appears in connected repositories, pull requests, issues, comments, commits, checks, or related metadata.
  • People referenced in Customer Content.

Categories Of Personal Data

  • Names, emails, usernames, user IDs, account IDs.
  • GitHub identifiers, organization IDs, repository metadata, pull request and issue metadata.
  • Commit author metadata.
  • Chat messages, prompts, documents, comments, support requests, and workspace content.
  • Audio submitted for transcription and the resulting transcripts.
  • Usage, device, IP, log, and diagnostic data, including push notification tokens.
  • Images and generated artifacts where they contain personal data.

Sensitive Data

The Service is not intended for regulated sensitive personal data unless Linzumi expressly agrees in writing.

6. Confidentiality

Linzumi will ensure personnel authorized to process Customer Personal Data are subject to confidentiality obligations.

7. Security Measures

Linzumi will maintain appropriate technical and organizational measures designed to protect Customer Personal Data. A summary of current measures is available to customers upon request or under a signed agreement.

For enterprise customers, Linzumi may provide additional technical and organizational measures under a signed agreement.

8. Subprocessors

Customer authorizes Linzumi to use subprocessors to provide the Service. Linzumi's subprocessor list is published at https://serve.linzumi.com/subprocessors.

Linzumi will impose data-protection obligations on subprocessors that are materially no less protective than this DPA.

Customer provides general written authorization for Linzumi to use and route Customer Personal Data to subprocessors, model providers, model-routing providers, token services, infrastructure providers, and other service providers as needed to provide, secure, meter, support, and improve the Service. Linzumi may route between already-authorized providers as the Service evolves.

For any intended addition or replacement of a subprocessor that will process Customer Personal Data on Customer's behalf, Linzumi will inform Customer by updating the subprocessor list and, where reasonably practicable, by email, in-product notice, RSS/change feed, or another reasonable method at least 30 days before the addition or replacement takes effect. Where urgent security, service-continuity, legal, or operational reasons require a shorter notice period, Linzumi will provide notice as soon as reasonably practicable.

Customer may object to an intended addition or replacement on reasonable data-protection grounds during the notice period by contacting privacy@linzumi.com. Linzumi will use reasonable efforts to address the objection, including by providing additional information, changing configuration where feasible, or making another commercially reasonable workaround available. If the parties cannot resolve the objection, Customer may stop using the affected portion of the Service or terminate the affected order, if any, as Customer's sole remedy for that objection. Enterprise customers may receive additional notice or objection rights if provided in a signed agreement.

9. Data Subject Requests

Taking into account the nature of processing, Linzumi will reasonably assist Customer with data subject requests to the extent Customer cannot fulfill them through the Service.

10. Assistance

Linzumi will reasonably assist Customer with security, breach notification, DPIAs, and regulator consultations where required by Data Protection Laws and taking into account the nature of the Service and information available to Linzumi.

11. Security Incidents

Linzumi will notify Customer without undue delay after confirming a security incident affecting Customer Personal Data, unless prohibited by law.

Enterprise customers may receive additional notification commitments if provided in a signed agreement.

12. Return Or Deletion

Upon termination or written request, Linzumi will delete or return Customer Personal Data according to the Agreement, product functionality, retention practices, backups, and legal obligations.

13. International Transfers

If Customer Personal Data is transferred internationally and transfer safeguards are required, the parties will use appropriate transfer mechanisms, such as the Standard Contractual Clauses where applicable.

If required for a particular customer or jurisdiction, the parties may enter into standard contractual clauses, a UK addendum, a Swiss addendum, or another lawful transfer mechanism.

14. Audits

Linzumi will make available information reasonably necessary to demonstrate compliance with this DPA. Audits must be conducted in a manner that protects Linzumi systems, other customers, and confidential information.

Enterprise audit rights, if any, will be handled under the applicable signed agreement and must protect Linzumi systems, other customers, confidential information, and security.