This Data Processing Agreement ("DPA") forms part of the Terms of Service between you (the "Controller") and BookSyncer (the "Processor") and governs our processing of personal data on your behalf under the GDPR.
1. Roles
In respect of the accounting data you sync through the Service, you are the Controller and BookSyncer is the Processor. BookSyncer processes personal data only on your documented instructions, which are given through your configuration and use of the Service.
2. Subject matter and scope
The processing concerns the accounting and transaction data flowing from Stripe to e-conomic — including customer names, contact details, VAT numbers, amounts and related metadata — for the purpose of automatically recording your Stripe activity in e-conomic.
3. Duration
Processing continues for the term of your use of the Service and until data is deleted or returned in accordance with this DPA.
4. Processor obligations
- Process personal data only on your documented instructions.
- Ensure persons authorized to process the data are bound by confidentiality.
- Implement appropriate technical and organizational security measures (encryption in transit and at rest, EU hosting, least-privilege access, read-only Stripe access).
- Assist you, where reasonable, with data-subject requests and with your obligations under Articles 32–36 GDPR.
- Delete or return personal data at the end of the engagement, subject to legal retention requirements.
- Make available information necessary to demonstrate compliance.
5. Sub-processors
You authorize BookSyncer to engage sub-processors to provide the Service, including Cloudflare (hosting and email infrastructure) and Supabase (EU-hosted database). BookSyncer imposes data-protection obligations on sub-processors consistent with this DPA and remains responsible for their performance. We will inform you of intended changes to sub-processors and give you the opportunity to object.
6. International transfers
Personal data is hosted within the European Union. Where any transfer outside the EU/EEA occurs, it will be subject to an appropriate transfer mechanism as required by the GDPR.
7. Security
BookSyncer maintains technical and organizational measures appropriate to the risk, including encryption, access controls, and secure handling of credentials such as encrypted e-conomic grant tokens.
8. Personal data breach
BookSyncer will notify you without undue delay after becoming aware of a personal data breach affecting your data, with the information reasonably needed for you to meet your notification obligations.
9. Contact
Data protection matters: hello@booksyncer.com.