← Back to Home

Data Processing Agreement

SyncFutures LLC • Effective Date: August 17, 2025

This Data Processing Agreement ("DPA") forms part of the Terms of Service between you ("Data Controller" or "Customer") and SyncFutures LLC ("Data Processor" or "SyncFutures") and governs the processing of Personal Data in connection with the SyncFutures service (the "Service").

This DPA is designed to meet the requirements of the EU General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, and other applicable data protection laws. This DPA applies when SyncFutures processes Personal Data on behalf of the Customer.

1. Definitions

"Personal Data" means any information relating to an identified or identifiable natural person that is processed by SyncFutures on behalf of the Customer under this Agreement.

"Data Subject" means the identified or identifiable natural person to whom Personal Data relates.

"Processing" has the meaning given to it in applicable Data Protection Laws and includes any operation performed on Personal Data.

"Data Protection Laws" means all applicable laws and regulations relating to the processing of Personal Data, including GDPR, UK GDPR, and other relevant privacy laws.

"Standard Contractual Clauses" or "SCCs" means the standard contractual clauses for data transfers adopted by the European Commission.

2. Scope and Nature of Processing

Purpose of Processing

SyncFutures processes Personal Data solely for the purpose of providing the Service, which includes:

  • Account management and user authentication
  • Trade synchronization and automation services
  • Customer support and technical assistance
  • Service analytics and performance monitoring
  • Security monitoring and incident response
  • Compliance with legal obligations

Categories of Personal Data

  • Identification data (name, email address)
  • Contact information (billing address)
  • Account credentials and authentication data
  • Payment information (processed by third-party processors)
  • Technical data (IP addresses, device information, usage logs)
  • Service configuration data (trading rules, API keys)
  • Support communications

Categories of Data Subjects

  • SyncFutures account holders
  • Authorized users of Customer accounts
  • Individuals who contact SyncFutures for support

3. Obligations of the Data Processor (SyncFutures)

Processing Instructions

SyncFutures will process Personal Data only on documented instructions from the Customer, including those set forth in this DPA and the Terms of Service, unless required to process by applicable law.

Confidentiality

SyncFutures ensures that persons authorized to process Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

Security Measures

SyncFutures implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of Personal Data in transit and at rest
  • Access controls and authentication mechanisms
  • Regular security assessments and audits
  • Incident response and breach notification procedures
  • Employee training on data protection
  • Secure development and deployment practices

4. Sub-Processing

General Authorization

The Customer provides general authorization for SyncFutures to engage sub-processors for the processing of Personal Data, subject to the conditions set forth in this section.

Current Sub-Processors

Service ProviderPurposeLocation
Amazon Web ServicesCloud hosting and infrastructureUnited States
Stripe, Inc.Payment processingUnited States
ClerkAuthentication servicesUnited States

Sub-Processor Obligations

SyncFutures ensures that all sub-processors are bound by data protection obligations equivalent to those set forth in this DPA, including appropriate safeguards for international data transfers.

Changes to Sub-Processors

SyncFutures will notify the Customer of any intended changes concerning the addition or replacement of sub-processors. The Customer may object to such changes within 30 days of notification.

5. Data Subject Rights

SyncFutures will assist the Customer in fulfilling its obligations to respond to requests from Data Subjects to exercise their rights under applicable Data Protection Laws, including:

  • Right of access to Personal Data
  • Right to rectification of inaccurate Personal Data
  • Right to erasure ("right to be forgotten")
  • Right to restriction of processing
  • Right to data portability
  • Right to object to processing

SyncFutures will respond to such requests within the timeframes required by applicable law and will provide reasonable assistance to the Customer in fulfilling its obligations.

6. Personal Data Breach

SyncFutures will notify the Customer without undue delay, and in any event within 72 hours, after becoming aware of a Personal Data breach affecting the Customer's Personal Data.

The notification will include, where possible:

  • A description of the nature of the Personal Data breach
  • The categories and approximate number of Data Subjects concerned
  • The categories and approximate number of Personal Data records concerned
  • The likely consequences of the Personal Data breach
  • Measures taken or proposed to address the breach and mitigate its effects

7. International Data Transfers

SyncFutures may transfer Personal Data to countries outside the European Economic Area (EEA). Such transfers will be protected by appropriate safeguards, including:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions by the European Commission
  • Other legally recognized transfer mechanisms

Upon request, SyncFutures will provide the Customer with information about the safeguards in place for international data transfers.

8. Audits and Compliance

SyncFutures will make available to the Customer all information necessary to demonstrate compliance with the obligations laid down in this DPA and allow for and contribute to audits, including inspections, conducted by the Customer or another auditor mandated by the Customer.

SyncFutures maintains relevant documentation to demonstrate compliance with data protection obligations and undergoes regular third-party security assessments.

9. Return or Deletion of Personal Data

Upon termination of the Service, SyncFutures will, at the Customer's choice, delete or return all Personal Data to the Customer and delete existing copies, unless storage of the Personal Data is required by applicable law. Data deletion will be completed within 30 days of termination, unless a longer period is required by applicable law.

10. Limitation of Liability

The limitations of liability set forth in the Terms of Service apply to this DPA. Each party's liability under this DPA is subject to the terms and conditions, including limitations of liability, set forth in the Terms of Service.

11. Term and Termination

This DPA will remain in effect for as long as SyncFutures processes Personal Data on behalf of the Customer under the Terms of Service. Upon termination of the DPA, SyncFutures will return or delete Personal Data in accordance with Section 9.

12. Contact Information

For questions about this Data Processing Agreement or data protection matters:

  • Email: privacy@syncfutures.com
  • Data Protection Officer: dpo@syncfutures.com
  • Address: SyncFutures LLC, [Address], Austin, Texas, USA

This Data Processing Agreement supplements and forms part of the Terms of Service between SyncFutures and the Customer.