Last updated: May 1, 2026
This Data Processing Agreement ("DPA") forms part of the Terms of Service between the customer ("Controller") and Marketsync Global Ltd("Processor"). It applies whenever we process personal data on behalf of the Controller.
Subject matter & duration
Processing is limited to delivering the verification Services and continues for the term of the underlying contract.
Nature & purpose
Identity verification, fraud screening, document checks, and audit logging in support of the Controller's KYC and AML obligations.
Categories of data subjects
The Controller's end users undergoing verification.
Categories of personal data
- Identifiers (NID number, phone, email).
- Identity documents and selfie / liveness imagery.
- Device and IP metadata used for risk scoring.
Sub-processors
Current sub-processors include cloud hosting (AWS Singapore), email delivery (Resend), and observability (Sentry). We will notify the Controller of any change at least 30 days in advance.
Security measures
TLS 1.2+ in transit, AES-256 at rest, role-based access control, principle of least privilege, audit logging, and quarterly penetration testing. Detailed measures are in our Security Overview.
International transfers
Standard Contractual Clauses apply to any transfer outside the European Economic Area or Bangladesh.
Assistance & audits
We assist Controllers with data-subject requests, DPIAs, and regulator inquiries, and allow audits under reasonable notice and confidentiality.
Questions about this document? Contact legal@msg.bd. This page is a template for informational purposes and is not legal advice; consult qualified counsel for your jurisdiction.