LinuxGuard.io

Data Processing Addendum

Last updated: — Version 1.2

This Data Processing Addendum (“DPA”) forms part of and is incorporated into the LinuxGuard Software License and Service Agreement (“Agreement”) and governs the processing of personal data by LinuxGuard on behalf of the Customer.

1. DEFINITIONS AND INTERPRETATION

"Agreement" means the LinuxGuard Software License and Service Agreement between LinuxGuard Ltd and the Customer, as available at /legal/license.

"Controller" means the entity that determines the purposes and means of the processing of Personal Data.

"Customer Personal Data" means any Personal Data that LinuxGuard processes on behalf of the Customer as a Processor in the course of providing the Services under the Agreement.

"Data Protection Laws" means all applicable data protection and privacy laws, including (as applicable): the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the EU General Data Protection Regulation (EU) 2016/679, the EU ePrivacy Directive 2002/58/EC, and any national implementing legislation.

"Data Subject" means the identified or identifiable natural person to whom Personal Data relates.

"Personal Data" has the meaning given in the applicable Data Protection Laws and means any information relating to a Data Subject.

"Processor" means the entity that processes Personal Data on behalf of the Controller.

"Processing" (and "process") has the meaning given in the applicable Data Protection Laws.

"Security Incident" means any accidental, unauthorised, or unlawful destruction, loss, alteration, disclosure of, or access to, Personal Data.

"Sub-processor" means any Processor engaged by LinuxGuard to assist in fulfilling its obligations under this DPA.

"Supervisory Authority" means an independent public authority responsible for monitoring the application of Data Protection Laws.

"Sovereign Deployment" means a deployment of the LinuxGuard Platform configured to use exclusively EU/EEA+UK-based Sub-processors and infrastructure in accordance with Annex 4 of this DPA.

"AWS European Sovereign Cloud" or "AWS ESC" means the operationally and architecturally separate AWS cloud partition (currently region eusc-de-east-1, Brandenburg, Germany), which is distinct from standard commercial AWS Regions, operates under EU-only jurisdiction with EU-resident personnel, and is specifically designed to meet European digital sovereignty requirements. AWS ESC is not subject to the same cross-jurisdictional access risk as standard AWS commercial infrastructure by virtue of its separate operational structure.

"Infrastructure Sovereignty Migration" means a transition by LinuxGuard from standard AWS commercial infrastructure to AWS ESC (or an equivalent EU-native cloud provider), resulting in the removal of the jurisdictional exposure described in Section 5.5.

2. SCOPE AND ROLES

2.1 Scope. This Data Processing Addendum ("DPA") applies to the Processing of Customer Personal Data by LinuxGuard on behalf of the Customer in the course of providing the Services under the Agreement. This DPA forms part of and is incorporated into the Agreement.

2.2 Roles. With respect to Customer Personal Data, the Customer acts as the Controller and LinuxGuard acts as the Processor. Where applicable, the Customer may itself act as a Processor on behalf of its own customers (Sub-processor relationship), in which case the Customer warrants that it has the relevant Controller's authorisation for LinuxGuard's Processing.

2.3 Details of Processing. The subject matter, nature, purpose, duration, types of Personal Data, and categories of Data Subjects are described in Annex 1 of this DPA.

2.4 Instructions. LinuxGuard shall process Customer Personal Data only on the documented instructions of the Customer (as set out in the Agreement, this DPA, or as otherwise agreed in writing), unless required to do so by applicable law. LinuxGuard shall promptly notify the Customer if, in its opinion, an instruction would infringe Data Protection Laws.

3. LINUXGUARD'S OBLIGATIONS

3.1 Confidentiality. LinuxGuard shall ensure that persons authorised to process Customer Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

3.2 Security. LinuxGuard shall implement and maintain appropriate technical and organisational measures as described in Annex 2 to protect Customer Personal Data against Security Incidents and to ensure a level of security appropriate to the risk.

3.3 Sub-processors. LinuxGuard shall not engage Sub-processors to Process Customer Personal Data without general or specific prior written authorisation from the Customer. LinuxGuard shall maintain a list of Sub-processors (as set out in Annex 3) and shall notify the Customer of any intended changes (additions or replacements). The Customer may object to new Sub-processors on reasonable grounds within 14 days of notification. If the Customer objects to a new Sub-processor on reasonable grounds and the parties are unable to resolve the objection within 30 days, the Customer may terminate the relevant Services on written notice, and LinuxGuard shall provide a pro-rata refund of any prepaid fees for the terminated Services for the period following the effective date of termination.

3.3a Sub-processor Liability. LinuxGuard shall ensure that each Sub-processor is subject to data protection obligations equivalent to those in this DPA, whether through the Sub-processor's own published data processing terms, standard contractual clauses, or other legally recognised mechanism. LinuxGuard shall remain liable to the Customer for the acts and omissions of its Sub-processors to the extent LinuxGuard would be liable if performing the relevant services directly under the terms of this DPA. This liability is subject to the limitations and caps set out in the Agreement.

3.4 Data Subject Rights. LinuxGuard shall assist the Customer (by appropriate technical and organisational measures) in fulfilling the Customer's obligations to respond to requests from Data Subjects exercising their rights under Data Protection Laws, taking into account the nature of the Processing.

3.5 Security Assistance. LinuxGuard shall assist the Customer in ensuring compliance with its security obligations under Data Protection Laws, taking into account the nature of the Processing and the information available to LinuxGuard.

3.6 Data Protection Impact Assessment. LinuxGuard shall provide reasonable assistance to the Customer in conducting data protection impact assessments and prior consultations with Supervisory Authorities, to the extent required by Data Protection Laws.

3.7 Security Incidents. LinuxGuard shall notify the Customer without undue delay (and in any event within 72 hours) after becoming aware of a Security Incident affecting Customer Personal Data. Notification shall include: (a) description of the Security Incident; (b) categories and approximate number of Data Subjects and Personal Data records affected; (c) likely consequences of the Security Incident; and (d) measures taken or proposed to address the Security Incident.

3.8 Deletion or Return. Upon termination of the Agreement or upon written request of the Customer, LinuxGuard shall: (a) within 30 days, delete or return all Customer Personal Data held in active production systems; and (b) within 90 days, securely delete all Customer Personal Data from backup systems and archives. LinuxGuard shall provide written confirmation of deletion upon request. Notwithstanding the foregoing, LinuxGuard may retain Customer Personal Data for longer periods where required by applicable law, in which case LinuxGuard shall notify the Customer and restrict Processing to only that required by such legal obligation.

3.9 Audit Rights. LinuxGuard shall make available to the Customer all information reasonably necessary to demonstrate compliance with this DPA. Audit rights shall be subject to the following conditions: (a) the Customer shall provide at least 30 days' prior written notice of any audit; (b) audits shall be conducted no more than once per 12-month period, unless required by a Supervisory Authority or following a confirmed Security Incident; (c) the Customer shall reimburse LinuxGuard's reasonable costs incurred in supporting an audit, charged at LinuxGuard's standard professional services rates then in effect; (d) any auditor shall be subject to confidentiality obligations no less protective than those in this DPA; and (e) LinuxGuard may satisfy audit requests in whole or in part by providing relevant third-party audit reports or certifications (including ISO 27001, SOC 2 Type II, or equivalent) — where such reports are provided and reasonably address the Customer's audit scope, a separate on-site audit shall not be required for that scope.

3.10 Sovereign Deployment Option. Where a Customer requires a Sovereign Deployment, LinuxGuard shall, upon written request, configure the Services to operate using exclusively the EU/EEA+UK-sovereign Sub-processors and infrastructure listed in Annex 4. LinuxGuard shall confirm in writing the activation of a Sovereign Deployment within 14 days of receipt of a Customer's written request.

3.11 Infrastructure Sovereignty Roadmap. LinuxGuard's current production infrastructure operates on Amazon Web Services standard commercial infrastructure, with all Customer Personal Data hosted in AWS eu-west-1 (Dublin, Ireland) and AWS eu-central-1 (Frankfurt, Germany) as set out in Annex 1. LinuxGuard acknowledges that, as a US-headquartered company, Amazon Web Services, Inc. may be subject to compelled disclosure obligations under United States law (including the Clarifying Lawful Overseas Use of Data Act, Pub. L. 115-141 (the "CLOUD Act")), notwithstanding the EU location of the data. LinuxGuard mitigates this risk through Standard Contractual Clauses and supplementary technical measures as set out in Section 5 and Annex 2. LinuxGuard confirms that a transition to the AWS European Sovereign Cloud (as defined in Section 1) is technically feasible and commercially viable as a near-term decision, given LinuxGuard's existing AWS infrastructure and the architectural compatibility of AWS ESC with LinuxGuard's current stack. LinuxGuard shall complete such a migration upon: (a) a Customer's written request made pursuant to Section 3.10 where Infrastructure Sovereignty is required; or (b) a decision by LinuxGuard's board to complete an Infrastructure Sovereignty Migration as a standard platform upgrade. LinuxGuard shall notify all Customers of the completion of any Infrastructure Sovereignty Migration within 30 days of its completion.

4. CUSTOMER'S OBLIGATIONS

4.1 Instructions. The Customer shall provide lawful instructions to LinuxGuard regarding the Processing of Customer Personal Data and shall ensure that such instructions comply with Data Protection Laws.

4.2 Accuracy and Lawfulness. The Customer is responsible for the accuracy, quality, and legality of Customer Personal Data and the means by which the Customer acquired it. The Customer warrants that it has all necessary rights, consents, and lawful bases to provide Customer Personal Data to LinuxGuard for Processing under this DPA.

4.3 Compliance. The Customer shall comply with all applicable Data Protection Laws in its own processing activities and in its use of the Services.

5. INTERNATIONAL TRANSFERS

5.1 Restricted Transfers. LinuxGuard shall not transfer Customer Personal Data outside the UK or EEA (a "Restricted Transfer") unless an appropriate transfer mechanism is in place.

5.2 Transfer Mechanisms. Where LinuxGuard makes a Restricted Transfer, it shall ensure that one of the following mechanisms applies: (a) the destination country has been deemed adequate by the relevant authority; (b) the Standard Contractual Clauses for the transfer of personal data to third countries pursuant to EU Commission Decision 2021/914 ("EU SCCs") are in place — where applicable, Module 2 (Controller to Processor) shall apply, with Clause 17 governed by the laws of the Republic of Ireland and disputes submitted to the courts of the Republic of Ireland, and the competent supervisory authority shall be the Irish Data Protection Commission; (c) for transfers subject to UK GDPR, the UK International Data Transfer Addendum to the EU SCCs issued by the Information Commissioner's Office (Version B1.0, in force 21 March 2022) ("UK IDTA") is in place; (d) the transfer is subject to binding corporate rules; or (e) another recognised lawful transfer mechanism applies, including certification under the EU-US Data Privacy Framework where the receiving entity holds a valid DPF certification.

5.3 Sub-processor Transfers. LinuxGuard shall ensure that any Sub-processors engaged outside the UK or EEA are bound by appropriate transfer mechanisms consistent with this section.

5.4 Sovereign Deployment — Transfer Restrictions. Where a Sovereign Deployment has been activated pursuant to Section 3.10, LinuxGuard shall ensure that no Customer Personal Data is transferred to, stored in, or processed by any infrastructure or Sub-processor located outside the EU/EEA+UK boundary. LinuxGuard shall document and make available to the Customer on request a transfer impact assessment for any Sub-processor operating outside the EU/EEA+UK in the standard (non-Sovereign) deployment.

5.5 Jurisdictional Risk Disclosure — Standard Deployment. The Parties acknowledge that LinuxGuard's standard deployment uses infrastructure provided by Amazon Web Services, Inc. ("AWS"), a company incorporated in the United States. Whilst all Customer Personal Data is hosted and processed within the European Economic Area (eu-west-1, Dublin; eu-central-1, Frankfurt), AWS may be subject to compelled access requests under United States federal law, including the CLOUD Act. LinuxGuard has implemented the following supplementary measures to mitigate this risk, consistent with the guidance of the European Data Protection Board: (a) encryption of all Customer Personal Data at rest and in transit with keys managed within the EU using AWS KMS; (b) Standard Contractual Clauses (EU Commission Decision 2021/914) governing the AWS processing relationship; and (c) a documented Transfer Impact Assessment available to Customers upon request. Customers with heightened sovereignty requirements may activate a Sovereign Deployment under Section 3.10 or request an Infrastructure Sovereignty Migration to AWS ESC under Section 3.11, both of which remove the residual jurisdictional exposure described in this Section. This disclosure is made in satisfaction of LinuxGuard's transparency obligations under Article 13(1)(e) and Article 28(3) of the EU GDPR.

6. LIABILITY AND INDEMNITY

6.1 Liability. Each party's liability under this DPA is subject to the limitations set out in the Agreement. However, nothing in this DPA limits either party's liability under applicable Data Protection Laws.

6.2 Customer Indemnity. The Customer shall indemnify and hold harmless LinuxGuard against any claims, liabilities, penalties, fines, or expenses (including reasonable legal fees) arising from the Customer's breach of this DPA or of applicable Data Protection Laws.

6.3 LinuxGuard Indemnity. LinuxGuard shall indemnify and hold harmless the Customer against any claims, liabilities, penalties, fines, or expenses (including reasonable legal fees) arising directly from LinuxGuard's breach of this DPA or of applicable Data Protection Laws.

7. TERM AND TERMINATION

7.1 Term. This DPA shall remain in force for the duration of the Agreement and shall automatically terminate upon termination of the Agreement.

7.2 Survival. Sections 3.7 (Security Incidents), 3.8 (Deletion or Return), and 6 (Liability and Indemnity) of this DPA shall survive termination.

8. GENERAL

8.1 Hierarchy. In the event of a conflict between the terms of this DPA and the Agreement with respect to data protection matters, this DPA shall prevail.

8.2 Governing Law. This DPA is governed by the laws of England and Wales.

8.3 Amendments. LinuxGuard may update this DPA from time to time to reflect changes in Data Protection Laws or its processing activities. LinuxGuard shall provide at least 30 days prior written notice of any material changes.

8.4 Entire Agreement. This DPA, together with the Agreement and its annexes, constitutes the entire agreement between the parties with respect to the Processing of Customer Personal Data.

8.5 Certifications. LinuxGuard processes Customer Personal Data in compliance with UK GDPR, EU GDPR 2016/679, and the Data Protection Act 2018. LinuxGuard is currently pursuing ISO 27001 certification and SOC 2 Type II attestation is planned. Upon award, LinuxGuard shall notify Customers and make relevant reports available under NDA upon request.

ANNEX 1: DETAILS OF PROCESSING

Subject Matter: Processing of Personal Data in the course of providing the LinuxGuard Platform and Agent Software services.

Nature and Purpose: Collection, storage, analysis, and reporting of server telemetry and identity data to enable security monitoring, identity visibility, least privilege enforcement, and compliance reporting for Customer's Linux server infrastructure.

Duration: For the duration of the Agreement, after which Customer Personal Data shall be deleted or returned in accordance with Section 3.8.

Types of Personal Data: Username and account identifiers; SSH key fingerprints and metadata; Sudo rule assignments and privilege data; Login timestamps and session data; IP addresses and network identifiers; Process execution records; File access and audit log entries; System configuration data.

Categories of Data Subjects: Customer's employees, contractors, and service accounts that interact with Linux servers monitored by the Agent Software.

Primary Hosting Location: All Customer Personal Data, including backups, metadata, and security telemetry, is stored in AWS eu-west-1 (Dublin, Ireland). Disaster recovery and geographic redundancy is provided from AWS eu-central-1 (Frankfurt, Germany). Both regions are located within the European Economic Area. No Customer Personal Data is stored in regions outside the EU/EEA+UK in the standard deployment.

ANNEX 2: TECHNICAL AND ORGANISATIONAL MEASURES

LinuxGuard implements and maintains the following technical and organisational security measures:

1. Access Control. Role-based access control (RBAC) for all Platform components. Multi-factor authentication enforced for administrative access. Principle of least privilege applied to all systems and personnel.

2. Encryption. All Customer Data encrypted in transit using TLS 1.2 or higher. Customer Data encrypted at rest using AES-256 or equivalent. Encryption keys managed using AWS KMS with customer-level isolation.

3. Network Security. Platform hosted in isolated VPC environments. Network segmentation between application, data, and management tiers. Intrusion detection and prevention systems in place.

4. Vulnerability Management. Regular vulnerability scanning of Platform components and Agent Software. Penetration testing conducted at least annually by independent third parties. Prompt patching of critical vulnerabilities.

5. Incident Response. Documented Security Incident response plan. Dedicated security team on-call for incident response. Security Incident notification procedures as described in Section 3.7.

6. Logging and Monitoring. Comprehensive audit logging of access to Customer Data. Real-time monitoring and alerting for anomalous activity. Logs retained for a minimum of 12 months.

7. Personnel Security. Background checks conducted on personnel with access to Customer Data (where permitted by law). Security awareness training for all personnel. Confidentiality obligations in employment contracts. All engineers, administrators, and support personnel with access to the production environment are legal residents of the UK or EU/EEA and are employed by or under contract to LinuxGuard Ltd, a UK-registered entity (Company No. 16581101) subject to UK and EU labor and privacy laws. Support for EU/EEA+UK customers is provided exclusively by UK/EU-based personnel; no follow-the-sun access by offshore personnel is used for production environments.

8. Physical Security. Platform infrastructure hosted in SOC 2 or ISO 27001-certified data centres. Physical access controls including biometric authentication and CCTV.

9. Business Continuity. Regular backups of Customer Data with tested restoration procedures. Disaster recovery plan with defined recovery time and recovery point objectives. Geographic redundancy provided via AWS eu-west-1 (primary, Dublin, Ireland) and AWS eu-central-1 (DR, Frankfurt, Germany). All backup, failover, and recovery operations remain within the EU/EEA boundary.

10. Vendor Management. Security assessments of Sub-processors before engagement. Contractual security obligations imposed on all Sub-processors. Regular review of Sub-processor security posture.

11. Data Minimisation. Collection of only the Personal Data necessary for the provision of the Services. Regular review of data collection practices to ensure continued minimisation.

12. Remote Access Controls. Remote administrative access to production systems is controlled via MFA, RBAC, and audit logging. LinuxGuard is implementing a Just-In-Time (JIT) access model for production environment administration, to be fully operational by Q4 2026. Upon completion, all privileged access to production systems will require JIT approval and will be logged and time-limited.

13. Management Plane Sovereignty. The LinuxGuard Platform management plane operates within AWS eu-west-1 (Dublin, Ireland). LinuxGuard is implementing isolation of the management plane from global corporate networks, targeting completion by Q4 2026. Progress on this implementation will be made available to Customers on request.

ANNEX 3: SUB-PROCESSORS

Sub-processor Sovereignty Notice: Sub-processors marked ⚠️ are entities headquartered outside the EU/EEA+UK and are engaged under appropriate lawful transfer mechanisms (Standard Contractual Clauses under EU Commission Decision 2021/914, or UK International Data Transfer Agreements as applicable). All such Sub-processors are contractually bound to process Customer Personal Data exclusively within EU/EEA infrastructure in the standard deployment. Where a Customer requires the elimination of non-EU/EEA-headquartered Sub-processors entirely, LinuxGuard is technically capable of substituting each such Sub-processor with an EU/EEA+UK-sovereign functional equivalent, as set out in Annex 4.

LinuxGuard engages the following Sub-processors to assist in providing the Services. All Sub-processors are subject to data processing agreements consistent with this DPA.

Scroll horizontally to see the full table →

Sub-processorHQ LocationPurposeGDPR Transfer MechanismSovereign Alt.Date Added
Amazon Web Services (AWS)United States ⚠️Cloud infrastructure and hosting (compute, storage, networking, KMS) — all instances in eu-west-1 and eu-central-1AWS EU DPA + SCCsYes (AWS ESC)24 Feb 2026
UptraceEuropean UnionApplication performance monitoring and distributed tracingEU entity — no transferN/A24 Feb 2026
PineconeUnited States ⚠️Vector database for anomaly detection and ML featuresSCCsYes — Annex 424 Feb 2026
Neo4jSweden / United States ⚠️Graph database for security relationship mappingSCCs (EU entity available)Yes — Annex 424 Feb 2026
Redis LabsUnited States ⚠️In-memory caching and session managementSCCsYes — Annex 424 Feb 2026
HubSpot†United StatesCRM and marketing contact data only. Does not process Customer Personal Data as defined in this DPA.SCCsOut of scope24 Feb 2026
Google Analytics†United StatesAnonymous website visitor analytics only. Does not process Customer Personal Data as defined in this DPA.SCCsOut of scope24 Feb 2026
SparkPostUnited States ⚠️Transactional email deliverySCCs (EU entity available)Yes — Annex 424 Feb 2026

LinuxGuard may update this list of Sub-processors from time to time. The Customer will be notified of any changes in accordance with Section 3.3 of this DPA.

† Out-of-scope tools: HubSpot and Google Analytics are listed for transparency only. They process contact/CRM data and anonymous web analytics respectively and do not process Customer Personal Data as defined in this DPA. They are therefore not Sub-processors for the purposes of GDPR Article 28 and this Annex.

ANNEX 4: SOVEREIGN DEPLOYMENT — EU/EEA+UK SUB-PROCESSOR SCHEDULE

Availability Notice: The EU/EEA+UK-sovereign alternatives listed below represent technically validated substitutes for each standard Sub-processor. LinuxGuard confirms that migration to each listed alternative is technically feasible without material disruption to the Services. Items marked [COMMERCIAL] indicate that migration is subject to a commercial decision and/or final contractual arrangements with the relevant sovereign provider, which LinuxGuard commits to completing upon activation of a Sovereign Deployment under Section 3.10. LinuxGuard shall provide a written timeline for any such migration within 30 days of a Customer's written request.

This Annex applies only where a Customer has activated a Sovereign Deployment pursuant to Section 3.10 of this DPA. Upon activation, the following EU/EEA+UK-sovereign Sub-processors will be substituted for the standard US-headquartered equivalents listed in Annex 3.

Scroll horizontally to see the full table →

Standard Sub-processorSovereign AlternativeHQ / RegionPurposeStatus
AWS (standard)AWS European Sovereign CloudLuxembourg / EUCloud infrastructure and hosting[COMMERCIAL] — AWS ESC (eusc-de-east-1, Brandenburg) is a separate AWS partition; migration is architecturally compatible and commercially viable. Subject to onboarding and account migration.
PineconeQdrant (self-hosted or Qdrant Cloud EU)Germany (EU)Vector database for ML/anomaly detection[COMMERCIAL] — technically validated; subject to final contractual engagement
Redis LabsSelf-hosted Redis on AWS eu-west-1/eu-central-1 or Upstash EUEUIn-memory caching and session management[COMMERCIAL] — technically validated; subject to final contractual engagement
Neo4jNeo4j AuraDB EU (Sweden/EU region)Sweden (EU)Graph databaseAvailable now — EU region activation only
SparkPostBrevo (formerly Sendinblue)France (EU)Transactional email delivery[COMMERCIAL] — technically validated; subject to integration and DPA with Brevo

Activation: Customer must request Sovereign Deployment in writing. LinuxGuard will confirm availability and estimated migration timeline within 14 days. Pricing: Sovereign Deployment may be subject to additional charges. LinuxGuard will provide a written quote prior to activation.

ANNEX 5: WORKFORCE SOVEREIGNTY STATEMENT

LinuxGuard Ltd confirms the following with respect to personnel who have access to the production environment and Customer Personal Data:

1. Residency. All engineers, system administrators, and support personnel with access to the LinuxGuard production environment are legal residents of the United Kingdom or the European Economic Area.

2. Employment. All such personnel are employed by or engaged under contract to LinuxGuard Ltd (Company No. 16581101), a UK-registered entity. All employment and contractor relationships are governed by UK and/or EU labor law and privacy obligations.

3. Support Residency. LinuxGuard provides 24/7 support for Enterprise customers exclusively through UK/EU-based personnel. No "follow-the-sun" model involving offshore personnel outside the UK/EEA is used for production environment access or Enterprise support.