LinkMesh

Data Handling & DPA

Where customer data lives in the LinkMesh world — and what the limited commercial-data slice of that picture looks like in a Data Processing Addendum. Written so a procurement reviewer can attach this URL to their vendor checklist without reading between the lines.

Effective date: 2026-05-21 · Last reviewed: 2026-05-21 · Version 1.0.

The short version

LinkMesh Server and the OpenTelemetry Collectors it manages run on your own infrastructure. Your telemetry — logs, metrics, traces — flows through your Collectors to your backends. None of it traverses OpenSight's network. Product binaries do not phone home. License verification happens offline against an embedded public key.

Under GDPR and the revised Swiss FADP, you are both the Controller and the Processor of your own telemetry. OpenSight is neither. Strictly, no DPA is required for the product itself, because there is no product-side processing of your data.

This document covers the other data flow — the one where OpenSight does act as a processor: your account record on linkmesh.io and in our subscription system, billing contact details, and any log file or configuration excerpt you choose to share with support. It identifies our sub-processors and offers a downloadable DPA template scoped to exactly that slice.

Three data zones, mapped

Procurement reviews tend to assume "vendor sees customer data". With LinkMesh that assumption is wrong by design. The three zones below make the boundary explicit.

| Zone | What's in it | Who processes it | DPA needed? |
|---|---|---|---|
| Your telemetry | Logs, metrics, traces from your apps; Collector configurations; routing rules. | You — on your own infrastructure. OpenSight never sees it. | No — we are not a processor of this data. |
| Commercial data | Billing contact, company name, VAT/UID, plan and Collector count, payment metadata (no card numbers — Stripe holds those). | OpenSight, via the systems on this page. | Yes — covered by the DPA below. |
| Support material | Log excerpts, screenshots, or configuration snippets you choose to email us when opening a support case. | OpenSight, only when you actively share it. | Yes — covered by the DPA below. |

Sub-processors

The third parties below process commercial or support data on OpenSight's behalf. Required disclosure under GDPR Art. 28(2). We update this list whenever a new third-party service touches customer data; material changes are also surfaced in the website footer.

| Sub-processor | Purpose | Data categories | Location |
|---|---|---|---|
| Stripe Payments Europe, Ltd. | Subscription billing, invoice generation, card-data tokenization. | Billing name, email, address, VAT/UID, payment-method tokens. (Card numbers never reach OpenSight — they are entered directly into Stripe.) | Ireland (EU). Onward transfers under Stripe's own SCCs. |
| Google Cloud Platform (GCP), region europe-west6 | Hosting of linkmesh.io, subscriptions.saas.opensight.ch, and the supporting databases. | Account records, billing contacts, subscription state, server access logs. | Zurich, Switzerland. |
| Google LLC (Google Analytics 4) | Consent-gated visitor analytics on linkmesh.io only. Default-denied via Consent Mode v2. | Anonymised page-view and CTA-click events. IP anonymisation enabled. No advertising signals. | United States, under the EU-U.S. Data Privacy Framework. |
| Mailgun Technologies, Inc. | Transactional email — license-envelope delivery, invoice receipts, support replies. | Billing-contact email address, message bodies (license envelopes, invoice PDFs, support correspondence). | EU region (Frankfurt, Germany). |
| GitLab Inc. | Source-code hosting and CI/CD for the LinkMesh codebase. Issue tracker for support cases that contain customer-shared excerpts. | Issue / support-ticket content (only when you choose to share material with us). | United States. SaaS instance under GitLab's own SCCs. |

New sub-processor? We will update this page at least 30 days before the new sub-processor begins processing your commercial data, unless the change is required for security or legal-compliance reasons. To subscribe to material-change notices, email info@opensight.ch.

Where the product is not

For the avoidance of doubt — and because procurement checklists keep asking — the following claims about LinkMesh are false, and any DPA template that asserts them is mis-scoped:

  • "Vendor ingests customer telemetry." We do not. The Collectors run in your environment and write to your backends.
  • "Vendor stores customer configuration." We do not. Configurations live in a Git repository you control.
  • "Vendor receives usage metrics." We do not. Product binaries do not call back to OpenSight at runtime; license validation is fully offline against an embedded Ed25519 public key.
  • "Vendor can access customer dashboards." We cannot. There is no LinkMesh-operated control plane to access.

See Trust for the per-claim verification path.


Data Processing Addendum (DPA) — v1.0

The Addendum below applies between you (the Customer) and OpenSight (the Processor), with respect to commercial and support data only. It does not extend to your telemetry, which OpenSight does not process. This is a v1 template; negotiated terms are available on request for customers whose legal team requires changes.

1. Definitions

"Personal Data" has the meaning given in Article 4(1) of the GDPR. "Processing" has the meaning given in Article 4(2). "Customer Personal Data" means Personal Data that the Customer provides to the Processor in the course of the commercial relationship, comprising the categories listed in §3 below. "Sub-processor" means any third party engaged by the Processor that processes Customer Personal Data on its behalf. Other capitalised terms have the meaning given in the GDPR or the revised Swiss FADP, as applicable.

2. Scope and roles

The Customer acts as Controller; OpenSight acts as Processor with respect to the data categories in §3. OpenSight does not process Customer telemetry; the Customer remains the sole Controller and Processor of telemetry collected by the LinkMesh software running on the Customer's own infrastructure. This Addendum does not create a processor relationship in respect of that telemetry.

3. Categories of data and data subjects

Categories of Customer Personal Data:

  • Account and billing-contact identifiers (name, business email, postal address, telephone number, VAT/UID, role).
  • Subscription and invoicing data (plan tier, managed Collector count, invoice history, payment-method tokens).
  • Support material that the Customer voluntarily shares (log excerpts, configurations, screenshots, email correspondence).
  • Marketing-site analytics events, consent-gated, where Customer personnel browse linkmesh.io.

Categories of data subjects:

  • Customer's employees, contractors, and other personnel acting as billing, technical, or operational contacts.
  • Visitors to linkmesh.io originating from the Customer's organisation, where applicable.

4. Purpose and duration

Processing is performed solely to deliver the commercial relationship: provisioning of licenses, billing, customer support, security notifications, and statutory record-keeping. Processing continues for the duration of the subscription and for any retention period required by Swiss commercial-record law (currently 10 years for invoicing data under OR Art. 958f). Account and support data not subject to such retention obligations is deleted within 90 days of termination on Customer request.

5. Processor obligations

  • Process Customer Personal Data only on documented instructions from the Customer, including for transfers to third countries.
  • Ensure that personnel authorised to process Customer Personal Data are bound by confidentiality obligations.
  • Implement the technical and organisational measures described in §8 (Security).
  • Engage Sub-processors only in accordance with §6 (Sub-processors).
  • Assist the Customer in responding to data-subject requests under Articles 15–22 GDPR, taking into account the nature of the processing and the information available.
  • Assist the Customer in ensuring compliance with Articles 32–36 GDPR (security, breach notification, impact assessments).
  • Delete or return Customer Personal Data at termination, subject to the retention obligations in §4.
  • Make available to the Customer the information necessary to demonstrate compliance with Article 28 GDPR.

6. Sub-processors

The Customer authorises the use of the Sub-processors listed in the Sub-processors table above. OpenSight will give the Customer at least 30 days' prior notice of any intended addition or replacement of Sub-processors, by updating that table and emailing the Customer's notified billing contact. The Customer may object on reasonable data-protection grounds; if the objection cannot be resolved, the Customer may terminate the affected service for the remainder of the then-current term, pro-rata refunded.

7. International transfers

Where Customer Personal Data is transferred outside the EEA, the UK, or Switzerland, OpenSight relies on Standard Contractual Clauses (EU 2021/914, the UK IDTA, and the Swiss FDPIC adjustments thereto) with each affected Sub-processor, plus supplementary measures where required following Schrems II. The current list of jurisdictions and transfer mechanisms is in the Sub-processors table.

8. Security measures

  • TLS 1.2+ for all data in transit to OpenSight-operated services. HSTS enforced on linkmesh.io and *.saas.opensight.ch.
  • Encryption at rest for databases (GCP-managed AES-256).
  • Access to production systems restricted to named OpenSight personnel under MFA. Quarterly access reviews.
  • Backup retention: 30 days, encrypted, region-pinned to europe-west6.
  • Vulnerability management: dependency scanning on every CI run; critical-severity patches deployed within 14 days.
  • Logging of administrative actions in the subscription system; retention 12 months.

9. Breach notification

OpenSight notifies the Customer without undue delay, and in any event within 72 hours of becoming aware, of any Personal Data Breach affecting Customer Personal Data. Notification is sent to the notified billing contact and includes the nature of the breach, the categories and approximate number of data subjects, the likely consequences, and the measures taken or proposed to address it.

10. Audit rights

OpenSight makes available, on written request and no more than once per twelve-month period (or following a Personal Data Breach), the information necessary to demonstrate compliance with this Addendum, including third-party attestations where they exist. Where the Customer requires an on-site audit, the parties will agree reasonable scope, timing, and confidentiality terms in advance, and the Customer bears the reasonable costs of the audit.

11. Liability

Liability under this Addendum is subject to the limitations of liability in the LinkMesh Terms of Use and any negotiated commercial agreement between the parties.

12. Governing law

This Addendum is governed by the laws of Switzerland. Disputes are subject to the exclusive jurisdiction of the competent courts of Switzerland, without prejudice to mandatory rules of the Customer's local data-protection law.

13. Order of precedence

In the event of a conflict between this Addendum and any other agreement between the parties, this Addendum prevails with respect to the processing of Customer Personal Data.

Signatures

For procurement use, this v1 template is signed as published by OpenSight on the effective date above. A counter-signed copy can be requested by emailing info@opensight.ch with your company details — we return a PDF signed by Roman Hüsler (sole proprietor) within two business days.

Processor

OpenSight (Einzelunternehmen)

Roman Hüsler, Sole Proprietor

Switzerland

Signed on file: 2026-05-21

Customer

_____________________________

Name, role:

Company:

Date: