GDPR Compliance
Last updated: February 15, 2026
Our Commitment
DeployGuard is fully committed to compliance with the General Data Protection Regulation (GDPR). We believe transparency is fundamental to trust. This page explains what data we collect, why we collect it, how we protect it, and what rights you have as a data subject.
Data We Collect
We collect only the minimum data necessary to provide our service. Here is a complete breakdown:
| Data Category | What We Collect | Purpose | Retention |
|---|---|---|---|
| Account Data | Email, name, company name | Account management & communication | Until account deletion + 30 days |
| Cluster Metadata | Cluster name, environment label, agent version | Service delivery & cluster identification | Until account deletion |
| Failure Events | Pod name, namespace, failure type, error message, timestamps | Core service — failure detection & alerting | Per plan (7d Free / 30d Team / 1yr Enterprise) |
| Agent Heartbeats | Agent version, last seen timestamp, cluster name | Agent health monitoring | Latest heartbeat only (overwritten) |
| Usage Analytics | Page views, feature usage (anonymized) | Product improvement | 90 days (aggregated) |
What We Do NOT Collect
Transparency also means being clear about what we don't do:
- We do not read your application source code
- We do not access your container images or file systems
- We do not collect environment variables or secrets
- We do not have write access to your Kubernetes cluster
- We do not store passwords in plain text
- We do not sell, share, or monetize your data with third parties
- We do not use your data for advertising or profiling
Legal Basis for Processing
We process your data under the following legal bases (Article 6 GDPR):
- Contract Performance (Art. 6(1)(b)): Account data and cluster data are processed to deliver the service you subscribed to.
- Legitimate Interest (Art. 6(1)(f)): Usage analytics to improve service quality and reliability. We balance our interest against your privacy rights.
- Consent (Art. 6(1)(a)): Marketing communications are only sent with your explicit consent. You can withdraw consent at any time.
- Legal Obligation (Art. 6(1)(c)): We may retain certain data to comply with legal requirements (e.g., billing records).
How We Protect Your Data
We implement comprehensive security measures to protect your information:
🔐 Encryption
All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Agent-to-control-plane communication is authenticated and encrypted.
🏗️ Infrastructure
Hosted on Google Cloud Platform in the EU region (europe-west1). Data never leaves the EU unless you explicitly request it.
🔑 Access Control
Role-based access, multi-tenant data isolation, and regular access audits. Your data is never accessible to other tenants.
🛡️ Agent Security
The DeployGuard agent runs with read-only Kubernetes permissions. It cannot modify, delete, or create any resources in your cluster.
Your Rights Under GDPR
We respond to all requests within 30 days. As a data subject, you have the following rights:
Right of Access
Request a copy of all personal data we hold about you.
Right to Rectification
Request correction of inaccurate personal data.
Right to Erasure
Request deletion of your data. We will erase all personal data within 30 days of the request.
Right to Data Portability
Receive your data in a structured, machine-readable format (JSON export).
Right to Object
Object to processing based on legitimate interest (e.g., analytics).
Right to Lodge a Complaint
You have the right to file a complaint with your local data protection authority.
Data Processing Agreement (DPA)
For Enterprise customers, we offer a Data Processing Agreement that covers the specifics of how we process data on your behalf. Our DPA includes Standard Contractual Clauses (SCCs) approved by the European Commission. Contact us at privacy@deployguard.net to request a DPA.
Sub-processors
We use the following sub-processors to deliver our service:
| Provider | Purpose | Location |
|---|---|---|
| Google Cloud Platform | Infrastructure hosting (GKE, Cloud SQL, Cloud Storage) | EU (europe-west1, Belgium) |
| Cloudflare | DNS, DDoS protection, CDN | Global (EU-compliant) |
| Slack (Salesforce) | Notification delivery (only if enabled by customer) | US (EU-US Data Privacy Framework) |
Data Breach Notification
In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours (as required by Article 33 GDPR) and affected data subjects without undue delay where the breach is likely to result in a high risk to their rights and freedoms.
Contact Our Data Protection Team
For any GDPR-related inquiries, data access requests, or to exercise your rights:
Data Protection Officer
Email: privacy@deployguard.net
Response time: Within 30 days (usually much faster)