Data Processing Addendum

Last updated 21 June 2026

This addendum applies where, in using Wardrail, Ghostables Ltd (“Processor”) processes personal data on behalf of your organisation (“Controller”). It forms part of our Terms of Service.

Scope and roles

You are the Controller of any personal data contained in the repositories and contracts you connect; we act as Processor, processing it only to provide the Service and on your documented instructions.

Nature of processing

Subject matter — read-only static analysis and contract verification of code you connect.
Data subjects — typically your developers and contributors (e.g. names in commit metadata).
Data types — repository metadata, analysis results, and your account/billing data.
We do not process your source code at rest, your model API keys, or your AI prompts/responses (these never reach us — see the Privacy Policy).

Our obligations

Process personal data only on your instructions and for the Service.
Ensure people authorised to process it are bound by confidentiality.
Apply appropriate technical and organisational security measures (encryption in transit, client-side vault encryption, least-privilege access).
Assist you, where reasonable, with data-subject requests and security/breach obligations.
Notify you without undue delay after becoming aware of a personal-data breach.

Sub-processors

You authorise our use of sub-processors (hosting, Stripe, transactional email, GitHub) listed in the Privacy Policy. We remain responsible for their performance and will give notice before adding new ones, so you can object.

International transfers

Personal data is hosted in the UK/EU. Where any transfer outside the UK/EEA occurs, we rely on an approved safeguard such as the UK IDTA or EU Standard Contractual Clauses.

Deletion and return

On termination, or on your request, we delete or return personal data within a reasonable period, except records we must retain by law. You can also export and delete data yourself from the dashboard.

Audits

On reasonable request and notice, we’ll provide information necessary to demonstrate compliance with this addendum.

For a countersigned copy for your records, contact legal@wardrail.io.

Wardrail is a product of Ghostables Ltd. Questions: legal@wardrail.io. This document is a plain-language summary and does not replace legal advice.