Data Processing Agreement

Data Processing Agreement (DPA)

Effective date: 01 January 2026

Parties

This DPA is between mozok GmbH, Germany ("Processor") and the customer ("Controller").

Contact

General: hello@prilog.ai
Support: support@prilog.ai
Privacy: privacy@prilog.ai

Scope

This DPA applies to processing of personal data on behalf of the Controller when using Prilog.ai.

1. Definitions

Controller

The entity that determines the purposes and means of processing personal data.

Processor

mozok GmbH processes personal data on behalf of the Controller as described in this DPA.

Customer data

Personal data submitted to Prilog.ai through the service or integrations.

2. Processing details

Purpose

Provide AI remediation, observability correlation, and engineering workflow automation.

Duration

For the term of the agreement and any retention period requested by the Controller.

Location

Processing occurs in the European Union unless otherwise instructed by the Controller.

3. Processor obligations

Instructions

Process personal data only on documented instructions from the Controller.

Confidentiality

Ensure personnel are bound by confidentiality obligations and trained on data protection.

Assistance

Assist the Controller with data subject requests, DPIAs, and regulatory inquiries.

4. Security measures

Technical safeguards

Encryption in transit, role-based access controls, and secure authentication for systems.

Operational safeguards

Logging, monitoring, and incident response procedures to protect data.

Availability

Backups and resilience practices appropriate to the service.

5. Subprocessing

Authorized subprocessors

PostHog (EU analytics), AWS (cloud hosting), Google Cloud Platform (GCP auth and log access), Google SSO, Microsoft SSO, GitHub SSO, GitLab, Jira, Slack, Sentry, Datadog, and Azure.

Changes

We will notify the Controller of material changes to subprocessors and provide an opportunity to object.

6. Data subject requests

Assistance

We will assist the Controller in responding to data subject requests to access, delete, or correct data.

Direct requests

If we receive a request directly, we will direct the data subject to the Controller.

7. Breach notification

Notice

We will notify the Controller without undue delay after becoming aware of a personal data breach.

Details

Notifications will include available information on scope, impact, and mitigation steps.

8. International transfers

EU processing

Data is processed in the EU. Any transfer outside the EU will use approved safeguards such as SCCs.

9. Return or deletion

End of service

Upon termination, we will delete or return personal data as instructed, unless retention is required by law.

10. Audit rights

Audit

We will provide reasonable information to demonstrate compliance and accommodate audits with prior notice.

Schedule 1: Processing details

Data subjects

Customer employees, contractors, and end users whose data is included in logs, tickets, or repositories.

Data categories

Identifiers, contact details, log metadata, error events, repository metadata, and support communications.

Processing operations

Collection, storage, analysis, correlation, remediation drafting, and workflow delivery.

Schedule 2: Security measures

Access management

Role-based access controls, least privilege, and audit logging.

Data protection

Encryption in transit and at rest, secure key management, and network controls.

Availability

Backups, monitoring, and disaster recovery procedures.