LEGAL
Data Processing Addendum
Last updated: March 22, 2026
This Data Processing Addendum (“DPA”) forms part of the Terms of Service between Synthfy LLC (“Processor”) and you (“Controller”) and governs Synthfy LLC’s processing of personal data on your behalf.
1. Definitions
• “Processing” means any operation performed on Personal Data, including collection, recording, storage, use, disclosure, or deletion.
• “Data Subject” means the person to whom the Personal Data relates (e.g., callers to your business).
• “Sub-processor” means any third party engaged by Synthfy LLC to process Personal Data on behalf of the Controller.
2. Scope of Processing
Synthfy LLC processes Personal Data solely for providing the AI phone answering service:
• Recording and transcribing calls (where enabled by you)
• Capturing caller information (name, phone number, message)
• Scheduling appointments on your behalf
• Generating analytics and reports
• Sending SMS follow-up messages (where enabled by you)
3. Our Obligations
3.1 Process Only on Your Instructions
We process Personal Data only according to your documented instructions and the configuration you set in your Synthfy LLC dashboard.
3.2 Confidentiality
All personnel with access to Personal Data are bound by confidentiality obligations. Access is granted on a need-to-know basis only.
3.3 Security Measures
We implement appropriate technical and organizational measures including AES-256 encryption, TLS 1.2+, MFA, access controls, and regular monitoring. See our Security Overview for details.
3.4 Breach Notification
In the event of a Personal Data breach, we will notify you within 72 hours, providing sufficient information for you to meet your own notification obligations.
3.5 Deletion and Return
Upon termination, we delete all Personal Data within 30 days, or return it in a standard format upon request, unless retention is required by law.
4. Your Obligations
As the data controller, you are responsible for:
• Providing appropriate notice to callers that calls may be recorded and processed by AI
• Configuring your Synthfy LLC account settings in accordance with applicable privacy laws
• Responding to Data Subject requests using the tools provided in your dashboard
• Complying with all applicable data protection laws in your jurisdiction
Data We Do NOT Collect or Sell
We Never Sell Data
Your data is never sold, rented, or traded to any third party
No Cross-Customer Training
Your call data is never used to train AI for other customers
No Ad Targeting
We do not use your data for advertising or marketing purposes
5. International Transfers
If Personal Data is transferred outside the EEA or UK, Synthfy LLC will ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs). We will provide copies of relevant transfer mechanisms upon request.
6. Audit Rights
You have the right to audit our compliance with this DPA. We will make available all information necessary to demonstrate compliance. We may satisfy audit requests by providing relevant security documentation and compliance reports.
7. Duration and Termination
This DPA remains in effect for as long as Synthfy LLC processes Personal Data on your behalf. It automatically terminates when you close your account and all data has been deleted or returned.
Contact
Questions about this Data Processing Addendum?