Data Processing Addendum.
This page summarises TeamSync's standard DPA. The DPA executed with each customer controls; the standard text is the negotiation baseline.
Request the DPA — sales-legal@teamsync.example.com
Coverage.
| Regime | Coverage |
|---|---|
| EU GDPR | TeamSync as processor; SCCs (Module 2 + 3) |
| UK GDPR | UK IDTA |
| EU-US Data Privacy Framework | Self-certification — see Trust Center |
| California CCPA / CPRA | Service-provider role |
| Other US state privacy | Equivalent service-provider terms |
| PIPL (China) | Per-region treatment |
| PDPA (Singapore + ASEAN variants) | Per-region treatment |
| LGPD (Brazil) | Equivalent treatment |
Sub-processors.
The current sub-processor list is published at /legal/sub-processors/ and updated continuously. Customers receive change notification per the DPA.
Technical and organisational measures (TOMs).
Documented in Annex II of the DPA, including:
- Encryption in transit (TLS 1.3) + at rest (AES-256-GCM)
- Per-tenant envelope encryption with Crypto-shred capability
- Multi-factor authentication for administrative access
- Continuous monitoring + incident response per the SOC 2 + ISO 27001 attestations
- Personnel screening + training
- Physical security via certified data centre operators
- Tamper-evident audit logging via Merkle audit ledger
Data subject rights assistance.
TeamSync provides reasonable assistance to controllers responding to data-subject rights requests, including support for Article 17 right-to-erasure via crypto-shred.
Breach notification.
TeamSync notifies affected customers without undue delay (target: within 48 hours of confirmation), per DPA terms.
How to engage.
| Need | Action |
|---|---|
| Standard DPA review | Available on request |
| Customer redline | Sales-legal team |
| Sub-processor list subscription | Via Trust Center |
| Incident notification preferences | Set during contracting |