Legal

Data Processing Agreement

Last updated: March 2026

This Data Processing Agreement ("DPA") forms part of the Terms of Service between you (Customer, Controller) and Syncaut (Processor) and governs the processing of Personal Data in connection with the Syncaut platform.

01

Roles and Scope

1.1 Roles

Data Controller

Customer

You determine the purposes and means of personal data processing.

Data Processor

Syncaut

We process personal data only on your behalf and per your instructions.

1.2 Scope

This DPA applies to all Personal Data processed by Syncaut on behalf of the Customer through the use of the platform and its integrations.

02

Nature and Purpose of Processing

Syncaut processes Personal Data solely to provide workflow automation services as configured by the Customer. Syncaut does not process Personal Data for its own purposes.

Processing activities may include

  • Receiving data from connected third-party services
  • Transforming or routing data between integrations
  • Triggering actions based on user-defined workflows
03

Categories of Data Subjects

Depending on Customer usage, data subjects may include:

End customers
Employees or contractors
Business contacts
Users of Customer applications
04

Types of Personal Data

The types of Personal Data processed are determined by the Customer and may include:

  • Names
  • Email addresses
  • Transactional data
  • Order or logistics data
  • Any other data transmitted via configured workflows
05

Customer Responsibilities

The Customer agrees to:

Lawful BasisEnsure lawful basis for processing Personal Data
Data Subject NoticesProvide required notices to data subjects
Responsible ConfigurationConfigure workflows responsibly
Data MinimizationAvoid transmitting unnecessary or sensitive data where not required
06

Processor Obligations

Syncaut agrees to:

  • Process Personal Data only on documented instructions from the Customer
  • Not sell or share Personal Data
  • Not use Personal Data for advertising or profiling
  • Ensure personnel handling data are bound by confidentiality obligations
    • 07

    Data Minimization & Limited Access

    • Only data required to execute workflows is processed
    • Processing is limited to user-configured automation steps
    • No access to data outside defined workflows

    Google Data (if applicable)

    • Syncaut only accesses files explicitly selected by the user
    • No access to entire Google Drive or unrelated files
    • Data is not retained beyond workflow execution unless required
    08

    Subprocessors

    Syncaut may use subprocessors (e.g., cloud infrastructure providers) to deliver the Service.

    Contractual Obligations

    Subprocessors are bound by data protection obligations

    Safeguards

    Appropriate safeguards are in place

    A list of subprocessors is available upon request at [email protected].

    09

    International Data Transfers

    Where Personal Data is transferred outside the Customer's jurisdiction:

    • Appropriate safeguards are implemented
    • Standard contractual clauses (SCCs) or equivalent protections are applied where required
    10

    Security Measures

    Syncaut implements appropriate technical and organizational measures, including:

    🔐

    Encryption in Transit

    TLS enforced on all connections

    🗄️

    Encryption at Rest

    All stored data is encrypted

    🔑

    Access Controls

    Authentication and authorization layers

    📋

    Monitoring & Logging

    Continuous audit trails

    🏗️

    Secure Infrastructure

    Industry-standard practices

    11

    Data Retention

    • Data is retained only as long as necessary to provide the Service
    • Workflow data is processed transiently where possible
    • Upon account deletion, data is deleted or anonymized within a reasonable timeframe
    12

    Data Subject Rights

    Syncaut assists the Customer in responding to data subject requests. Requests should be initiated by the Customer.

    Access
    Rectification
    Deletion
    Restriction
    13

    Incident Response

    In the event of a data breach:

    01Syncaut will investigate and mitigate the issue
    02Affected Customers will be notified without undue delay
    03Relevant information will be provided to support compliance obligations
    14

    Audits and Compliance

    Upon reasonable request, Syncaut may provide:

    • Documentation of security practices
    • Responses to security questionnaires

    Formal audits may be subject to scope and agreement.

    15

    Termination

    • Customer data will be deleted or returned upon request
    • Residual data will be securely removed within a reasonable timeframe
    16

    Contact

    For questions regarding this DPA:

    Privacy

    [email protected]

    Security

    [email protected]

    By using Syncaut, you agree to this Data Processing Agreement. For questions, contact [email protected].