Legal
Data Processing Agreement
Last updated: June 25, 2026
Purpose
This Data Processing Agreement applies when Synveron processes personal information on behalf of a customer through a Synveron product. It supplements the Terms of Service and applies only to customer-controlled data processed by Synveron.
Roles
The customer is the controller or organization responsible for the data it connects to Synveron. Synveron is the processor or service provider for customer-controlled data, except where Synveron processes information for its own account administration, billing, security, or legal obligations.
Processing instructions
Synveron processes customer data only to provide, secure, support, and improve the product, comply with law, and follow documented customer instructions through product configuration, support requests, or marketplace settings.
Security measures
- Access controls for production systems and connected marketplace accounts.
- Environment-based secret management rather than hardcoded credentials.
- Transport encryption for modern HTTPS endpoints.
- Operational logging and abuse prevention appropriate to the product and plan.
- Data minimization in product design and support workflows.
Subprocessors
Synveron may use subprocessors for hosting, database infrastructure, email, billing, marketplace integration, analytics, support, or AI processing. Current or expected subprocessors include Cloudflare, Railway, Shopify, HubSpot, Stripe, Resend, and Anthropic.
Data subject requests
If Synveron receives a request from an individual about customer-controlled data, Synveron may direct the requester to the customer unless law requires otherwise. Customers can contact support for export or deletion assistance where a product does not already provide self-serve controls.
Deletion and return
Upon product uninstall, account closure, or valid request, Synveron will delete or return customer data according to product capabilities, legal obligations, backup cycles, and retention requirements.
International transfers
Customer data may be processed in Canada, the United States, or other jurisdictions where Synveron or subprocessors operate. Synveron uses contractual and operational safeguards appropriate to the provider and data type.
Contact
DPA questions can be sent to support@synveron.com.