Last Updated: November 2025
This Data Processing Agreement (“Agreement”) forms part of the Terms of Service between MarsCraft SA (“Processor”) and you, the user or organization using HeyLync (“Controller”).
This Agreement governs the processing of personal data by MarsCraft SA on behalf of the Controller, in connection with the HeyLync Service.
“Personal Data” means any information relating to an identifiable individual.
“Processing” means any operation performed on personal data.
“Controller” determines the purpose and means of processing.
“Processor” processes data on behalf of the Controller.
“Subprocessor” means any third party engaged by MarsCraft SA to process data.
The Controller is responsible for ensuring that all personal data is lawfully collected.
When processing data obtained through the OCR feature, the Controller is also responsible for ensuring that any personal data of third parties contained in scanned materials has been lawfully collected and that those individuals are informed of the processing where required by law.
MarsCraft SA processes data solely for the purposes described in the Terms and this Agreement.
MarsCraft SA will not process data for its own purposes or sell it to third parties.
MarsCraft SA may use trusted subprocessors for hosting, analytics, OCR, and AI inference (e.g., AWS, Google Cloud, BytePlus).
These subprocessors may include cloud-based computer-vision or text-recognition providers (such as Google Cloud Vision, AWS Textract, BytePlus, or equivalent), all operating under confidentiality and data-protection agreements.
A list of current subprocessors is available upon request.
MarsCraft SA remains fully responsible for their actions and ensures compliance via written agreements.
MarsCraft SA implements appropriate technical and organizational measures to protect data, including:
Encryption in transit and at rest;
Access control and authentication systems;
Regular security testing and incident response plans.
MarsCraft SA may use trusted subprocessors for hosting, analytics, OCR, and AI inference (e.g., AWS, Google Cloud, BytePlus).
A list of current subprocessors is available upon request.
MarsCraft SA remains fully responsible for their actions and ensures compliance via written agreements.
If data is transferred outside Switzerland or the EEA, MarsCraft SA ensures lawful mechanisms such as:
Standard Contractual Clauses (SCCs);
Adequacy decisions (e.g., EU–Switzerland adequacy).
In the event of a data breach, MarsCraft SA will notify the Controller without undue delay, including details of the incident, scope, and mitigation steps.
Upon termination of the Service or at the Controller’s request, MarsCraft SA will:
Delete all personal data within 30 days; or
Return data in a structured, machine-readable format if requested.
Certain logs may be retained for audit or legal compliance purposes.
Upon reasonable notice, the Controller may request audit reports or security summaries.
On-site audits are permitted under strict confidentiality and only if legally required.
Each party’s liability under this Agreement shall be limited to the scope defined in the main Terms of Service.
The Controller is responsible for ensuring lawful data collection; the Processor is responsible for secure and lawful processing.
This Agreement is governed by the laws of Switzerland, and disputes shall be resolved in the courts of Geneva.
For any data protection inquiries:
mail@heylync.com