준수 보고서

Transync AI acts as a data processor under the GDPR, while our customers act as the data controller, with respect to personal data processed through our services.

We provide a Data Processing Agreement (DPA) that is compliant with Article 28 of the GDPR, The DPA covers all relevant sub-processors involved in delivering the service and defines their obligations regarding data protection and security. 

A GDPR-compliant Data Processing Agreement (DPA) is available upon request.

User data may be processed logically and physically in multiple regions depending on the service configuration, including the EU/EEA and other jurisdictions.

At present, Transync AI does not guarantee exclusive EU-only data residency, but we minimize cross-region processing where possible.

When data is processed outside the EU/EEA, this may involve limited categories such as:

• Audio streams for real-time processing
• Transcribed text
• Service metadata and operational logs

For any transfer of personal data outside the EEA, Transync AI relies on appropriate transfer mechanisms, such as the European Commission’s Standard Contractual Clauses (SCCs).

Transfer Impact Assessments (TIAs) are performed where applicable, taking into account the nature of the data and the destination country.

Additional technical safeguards, including encryption in transit and at rest, are applied to mitigate transfer-related risks. 

Transync AI engages a limited number of sub-processors, such as:

• Cloud infrastructure providers
• AI speech recognition / translation service providers
• Monitoring and logging service providers

These sub-processors may process data in different jurisdictions, depending on their infrastructure.

We maintain a sub-processor management policy, and customers are notified in advance of material changes, with the right to object where required by law. 

Transync AI does not use customer data (inputs or outputs) for training its own AI models.

This restriction is contractually enforced and applies equally to external AI service providers engaged by Transync AI.

Customer data is processed solely for the purpose of providing the contracted services. 

User data can be deleted through the following methods:

1. Self-service deletion: Users can manually delete their data within the application’s Personal Center.

2. Account termination: Users can perform a complete data deletion by selecting the “Delete Account” option located at the bottom of the Personal Center. 

Data stored in active systems is removed promptly.

Backups, where applicable, are subject to defined retention periods and are isolated from production systems.

Backup data is overwritten or expired automatically according to retention policies. 

Transync AI implements industry-standard security measures, including:

• Encryption at rest and in transit
• Role-based access control (IAM)
• Multi-factor authentication (MFA)
• Environment separation between production and testing

Security reviews and vulnerability assessments are conducted periodically. 

Transync AI supports customers in fulfilling GDPR data subject rights requests, including access, rectification, and deletion.

Requests are handled without undue delay, and responses are typically provided within GDPR statutory timelines, subject to customer validation and scope.