Data Processing Agreement

This Data Processing Agreement (“DPA”) is entered into between DIGISMART MEGA LTD (“Processor”) and the enterprise customer (“Controller”) who has entered into a subscription agreement with SmartCodeFixer.

Last Updated: April 2026

This DPA supplements and forms part of the SmartCodeFixer Terms of Service. In the event of a conflict between this DPA and the Terms of Service, the terms of this DPA shall prevail with respect to the processing of personal data.

1. Definitions

  • Personal Data, any information relating to an identified or identifiable natural person, as defined in the UK GDPR and EU GDPR.
  • Processing, any operation performed on Personal Data, including collection, storage, use, disclosure, or deletion.
  • Controller, the enterprise customer who determines the purposes and means of Processing Personal Data.
  • Processor,DIGISMART MEGA LTD, which processes Personal Data on behalf of the Controller.
  • Sub-processor, any third party engaged by the Processor to process Personal Data.

2. Scope and Purpose of Processing

The Processor shall process Personal Data only on documented instructions from the Controller, for the sole purpose of delivering the SmartCodeFixer service, including:

  • User authentication and account management
  • Real-time code analysis and bug detection
  • Delivery of fix suggestions and explanations
  • Service usage analytics and performance monitoring
  • Customer support communications

The Processor shall not process Personal Data for any purpose other than those specified above without the prior written consent of the Controller.

3. Categories of Personal Data Processed

  • Name and email address of end users
  • Authentication credentials (stored in hashed form)
  • IP addresses and device identifiers
  • Usage logs and session data
  • Code submitted for analysis (processed transiently; not retained beyond the active session unless explicitly enabled by the user)

4. Processor Obligations

The Processor agrees to:

  • Process Personal Data only on the Controller's documented instructions
  • Ensure that personnel authorised to process Personal Data are bound by confidentiality obligations
  • Implement appropriate technical and organisational security measures, including encryption of data in transit and at rest
  • Not use Personal Data to train AI models or for any secondary purpose without explicit consent
  • Assist the Controller in responding to data subject rights requests (access, rectification, erasure, portability, restriction, objection)
  • Notify the Controller without undue delay, and within 72 hours where feasible, upon becoming aware of a Personal Data breach
  • Delete or return all Personal Data upon termination of the service agreement, unless retention is required by applicable law
  • Make available to the Controller all information reasonably necessary to demonstrate compliance with this DPA

5. Sub-processors

The Controller provides general authorisation for the Processor to engage sub-processors. The Processor currently uses the following categories of sub-processors:

  • Payment processing , Stripe, Inc. (United States)
  • Cloud infrastructure & hosting , Vercel, Inc. (United States)
  • Analytics, Vercel Analytics (aggregated, anonymised)

The Processor shall inform the Controller of any intended additions or replacements of sub-processors, giving the Controller a reasonable opportunity to object. All sub-processors are bound by data protection obligations equivalent to those in this DPA.

6. International Transfers

Where Personal Data is transferred outside the UK or European Economic Area, the Processor shall ensure that such transfers are made in compliance with applicable data protection law, including through the use of Standard Contractual Clauses or other approved transfer mechanisms.

7. Data Retention

Personal Data is retained only for as long as necessary to deliver the service or as required by applicable law. Account data is deleted within 30 days of account closure unless a longer retention period is required by law. Code submitted for analysis is not retained beyond the active session.

8. Security Measures

The Processor maintains the following technical and organisational measures:

  • TLS encryption for all data in transit
  • Encryption of data at rest using AES-256
  • Access controls and role-based permissions for personnel
  • Regular security assessments and vulnerability testing
  • Incident response procedures with defined escalation paths

9. Governing Law

This DPA is governed by the laws of England and Wales. Any disputes arising under this DPA shall be subject to the exclusive jurisdiction of the courts of England and Wales.

10. Contact

To execute this DPA, request a signed copy, or raise a data protection enquiry, contact us at info@smartcodefixer.com.

Company Information

DIGISMART MEGA LTD
Company Registration Number: 16925464
Address: 192 Downing Road, Dagenham, England, RM9 6LU
Email: info@smartcodefixer.com
Phone: +447475355392