Data Processing Addendum for Syphe.ai
Last updated: October 13, 2025
This DPA forms part of the agreement between the Customer (“Controller”) and Syphe.ai (“Processor”) for the provision of the Services.
Syphe.ai processes Customer Personal Data solely to provide the Services described in the Agreement.
Customer is the Controller; Syphe.ai is the Processor.
Syphe.ai will process Customer Personal Data only on documented instructions from Customer, including with respect to transfers to a third country, unless required by law.
Processor ensures that persons authorized to process the data are under confidentiality obligations.
Processor implements appropriate technical and organizational measures (encryption, access control, logging, incident response) to ensure a level of security appropriate to risk.
Processor may engage subprocessors under a written agreement imposing data protection obligations. A current list is available upon request. Customer will be notified of material changes.
Transfers will rely on approved mechanisms (e.g., SCCs) as required by applicable law.
Processor assists Customer by appropriate technical and organizational measures to fulfill requests to access, rectify, delete, or port data.
Processor will notify Customer without undue delay upon becoming aware of a Personal Data Breach affecting Customer Personal Data.
Upon termination, Processor will delete or return Customer Personal Data, unless retention is required by law.
Processor will make available information necessary to demonstrate compliance and allow for audits by Customer or an auditor mandated by Customer, subject to confidentiality.
Liability is governed by the Agreement. Nothing in this DPA limits either party’s liability where not permitted by law.
This DPA is governed by the law applicable to the Agreement.