Data Processing Agreement (summary)
This summary outlines how StackSync handles personal data it processes on your behalf. A full DPA is available to customers on request.
Roles
For records you sync through StackSync, you are the data controller and StackSync is the data processor. We process those records only on your documented instructions.
Scope of processing
Processing is limited to synchronising and, where configured, automating workflows on the records you connect. We do not retain those records after a sync operation completes.
Security measures
We apply encryption in transit and at rest, role-based access control, audit logging, and continuous monitoring. You can select processing regions to meet data-residency requirements.
Sub-processors
We use a limited set of sub-processors to operate the service, each under contract. A current list is available on request, and we will inform customers of material changes.
International transfers
Where data is transferred outside the EEA, we rely on appropriate safeguards such as the European Commission's standard contractual clauses.
Your assistance rights
We assist you, taking into account the nature of processing, in responding to data-subject requests and in meeting your security and breach-notification obligations under the GDPR.
Requesting the full DPA
To receive the complete Data Processing Agreement and sub-processor list, email [email protected].