Data Processing Addendum

This SyncSuite Data Processing Addendum (“Addendum”) forms part of the Terms of Purchase, Terms of Use or other written or electronic agreement (the “Agreement”) between you and 22 Apps Inc. (“SyncSuite”), a British Columbia company with offices in Port Moody, BC, Canada.

1. DEFINITIONS

“Data Protection Regulations” means all laws applicable to personal data processed under the Agreement, including the GDPR (2016/679), the Data Protection Act 2018, and Canada's PIPEDA/PIPA regulations.

“Services” means any AI-driven marketing automation, website generation, CRM management, and business scaling tools provided by SyncSuite.

2. BACKGROUND & SCOPE

SyncSuite provides services in relation to: (i) AI-powered website and landing page generation; (ii) CRM and database management tools; (iii) automated marketing and scheduling systems; and (iv) technical support.

This may involve the processing of personal data by SyncSuite on your behalf, including data relating to your customers, leads, or subscribers.

3. RELATIONSHIP OF PARTIES

The parties acknowledge that You are the Data Controller and SyncSuite is the Data Processor. SyncSuite will process personal data only to the extent necessary to provide the Services and in accordance with your written instructions.

4. SECURITY & CONFIDENTIALITY

SyncSuite shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risks, including protection against accidental or unlawful destruction, loss, alteration, or unauthorized disclosure.

We ensure that only authorized personnel have access to personal data and that such personnel are bound by appropriate confidentiality obligations.

5. SUB-PROCESSORS & WHITELABEL INFRASTRUCTURE

SyncSuite utilizes a whitelabel architecture to provide core services. You provide general written authorization for SyncSuite to engage sub-processors to facilitate these services. This includes, but is not limited to:

• Communication Infrastructure: Processing of phone numbers, SMS content, and call logs (e.g., via Twilio).
• Email Services: Processing of email addresses and message content (e.g., via Mailgun).
• AI Services: Processing of text prompts and content generation data (e.g., via OpenAI).
• Cloud Hosting: Storage and processing of all platform data (e.g., via AWS or Google Cloud).

A current list of specific sub-processors is available upon request via support@syncsuite.co. SyncSuite remains liable for the performance of its sub-processors' obligations to the extent required by Data Protection Regulations.

6. DATA SUBJECT RIGHTS

SyncSuite will assist you in responding to requests from data subjects seeking to exercise their rights under the GDPR (e.g., right to access, right to be forgotten).

7. AUDIT & COMPLIANCE

You are entitled to monitor and audit SyncSuite’s compliance with these regulations not more than once per year, during normal business hours and at your own expense.