Data Processing Agreement
Roles of the parties
The partner operator acts as the data controller for player data ingested into the Syncora platform. Syncora Lab acts as the data processor for that data, processing it under the controller's documented instructions.
Processing instructions
Syncora processes partner data to operate CRM, journeys, bonuses, gamification, messaging, and analytics on behalf of the partner, and to provide developer API access as configured by the partner. Additional processing purposes require a written instruction.
Confidentiality
Personnel authorised to access partner data are bound by confidentiality obligations. Access follows least-privilege principles and is governed by role-based backoffice controls.
Security measures
Syncora maintains tenant isolation, RBAC, API-key secured server integrations, short-lived widget tokens, and audit logging. See Security & Trust for the current control set.
Sub-processors
Syncora relies on a limited set of infrastructure and messaging sub-processors (hosting, email, SMS, and push providers). A current list is available on request from legal@syncoralab.com.
Data subject requests
Partner operators handle data subject requests as controllers. Syncora provides reasonable technical assistance to fulfil access, correction, and deletion requests relating to data hosted in the platform.
Deletion and return of data
On termination of the partner relationship, partner data can be exported or deleted according to the partner's written instructions and any applicable retention obligations.
Contact
DPA questions and sign-off requests can be sent to legal@syncoralab.com.