DPA.
Art. 28 GDPR.
Last updated 2026-06-10
Where the Mate hosted service processes personal data on your behalf — for example, personal data present in repository contents, issue text, or merge request descriptions handled by a job container — Mate acts as a data processor under Art. 28 GDPR and you act as the data controller.
A signed Data Processing Agreement is available to Customers on request. Email privacy@mate.engineer with subject line "DPA request" and we will return a countersigned copy within five business days.
Subprocessors
Mate uses the following subprocessors when delivering the hosted service:
| Subprocessor | Purpose | Country |
|---|---|---|
| Hetzner Online GmbH | Cloud infrastructure — servers, object storage, networking | Germany (EU) |
| Your LLM provider (BYOK) | LLM inference — your own provider relationship; Mate does not proxy or sub-process it | Your choice |
In BYOK mode (the current default), your LLM provider is not a Mate subprocessor — you hold that relationship directly. Any personal data that flows to your LLM endpoint does so under your own data-processing arrangements with that provider.
On-prem
In on-prem mode the service runs entirely on your infrastructure. Mate has no access to your data; no subprocessor relationship applies. The enterprise contract covers the applicable terms.
Contact
For DPA requests, sub-processor questions, or GDPR queries: privacy@mate.engineer.