Data Processing Agreement (DPA)
If you are a business customer processing third-party personal data (e.g. customer records, patient data, study subject IDs) through the CovaSyn MCP platform, Article 28 GDPR requires us to enter into a Data Processing Agreement.
Request the DPA
Send a brief email to privacy@covasyn.com with company name, address, and the name of an authorized signatory. We will return the filled-in agreement for signature (digital signature accepted).
What the agreement covers
- Subject matter and duration of processing (term of your MCP subscription)
- Nature, purpose, and categories of personal data processed
- List of further sub-processors (Stripe, Supabase, Resend, Hetzner)
- Technical and organizational measures (TOMs)
- Rights and obligations of both parties under Art. 28 GDPR
- Third-country transfers and Standard Contractual Clauses (SCCs)
Questions about processing or TOMs go to privacy@covasyn.com.