Last updated: 13 July 2026
For personal data of the Customer's own end customers processed through Syncy (contacts, message content, phone numbers), the Customer is the Controller and Syncy is the Processor. Syncy processes such data only on the Customer's documented instructions, including as configured in the platform.
The Controller authorizes Syncy to engage subprocessors to deliver the service, including cloud hosting, the WhatsApp Business Platform (Meta), payment processors, and analytics providers. Syncy remains responsible for its subprocessors and will impose data-protection terms consistent with this DPA. We will provide notice of material changes to subprocessors and a reasonable opportunity to object.
Where personal data is transferred across borders, the parties will rely on appropriate safeguards (such as Standard Contractual Clauses or equivalent) as required by applicable law.
Syncy maintains a security program appropriate to the risk and will notify the Controller without undue delay after becoming aware of a personal-data breach affecting the Controller's data, with the information needed to meet the Controller's obligations.
Syncy will make available information reasonably necessary to demonstrate compliance with this DPA and, on reasonable request and subject to confidentiality, support audits relevant to the processing.
The Controller warrants that it has a lawful basis and valid opt-in/consent to process and message its end customers, and that its instructions comply with applicable law and the WhatsApp/Meta policies.
MindValley LLC · 30 N Gould St Ste R, Sheridan, WY 82801, USA · sales@syncy.tech