CrewSynx logoCrewSynx
FeaturesDocumentationFAQsPricing
Legal

Data Processing Agreement

Template version — effective from 21 April 2026

How to use this document: This is a template DPA for EU/UK enterprise customers. It documents that Butterfly Instruments does not process personal data from your CrewSynx instance. To execute a signed version for your records, email contact@butterflyinstruments.com with subject line “DPA Request” and your organisation's details. We will countersign and return a PDF within 5 business days.

Data Processing Agreement

This Data Processing Agreement (“DPA”) is entered into between:

Supplier: Butterfly Instruments, [Butterfly Instruments registered address] (“Butterfly Instruments”, “we”, “us”)

Customer: The organisation named in the associated CrewSynx license agreement (“you”, “Customer”)

together referred to as the “Parties”.

This DPA supplements and forms part of the CrewSynx Terms of Service between the Parties. In the event of conflict between this DPA and the Terms of Service, this DPA prevails with respect to data protection matters.

1. Definitions

  • “Data Protection Laws” means the EU General Data Protection Regulation (2016/679) (“GDPR”), the UK GDPR as incorporated into UK law, and any related national implementing legislation applicable to either Party.
  • “Personal Data” has the meaning given in the GDPR.
  • “Instance Data” means any Personal Data entered into, stored in, or processed by the Customer's self-hosted CrewSynx installation.
  • “Contact Data” means Personal Data submitted to Butterfly Instruments through the CrewSynx website contact form (name, work email, company name).
  • “Software” means the CrewSynx application licensed to the Customer under the Terms of Service.

2. Nature of the Arrangement

CrewSynx is a self-hosted software product. The Customer deploys and operates the Software on infrastructure owned or contracted by the Customer. Butterfly Instruments does not:

  • host, store, or have network access to the Customer's deployed instance;
  • receive, transmit, or process any Instance Data;
  • act as a data processor or sub-processor in relation to Instance Data.

The Customer is the sole data controller for all Instance Data and is independently responsible for ensuring its processing complies with applicable Data Protection Laws.

3. Butterfly Instruments as Data Controller (Contact Data)

Where Butterfly Instruments collects Contact Data directly from individuals at the Customer (e.g., sales and support communications), Butterfly Instruments acts as an independent data controller for that Contact Data. Processing of Contact Data is governed by the Butterfly Instruments Privacy Policy, not by this DPA.

4. Customer Obligations

The Customer undertakes to:

  • ensure it has a lawful basis for all processing of Personal Data within its CrewSynx instance;
  • provide any required notices to, and obtain any required consents from, data subjects whose Personal Data is processed in the instance;
  • implement appropriate technical and organisational security measures for its deployment environment, including access controls, encryption in transit, and regular backups;
  • respond to data subject rights requests (access, erasure, restriction, portability) relating to Instance Data, as the Customer is the data controller for such data;
  • not deploy the Software to process special categories of Personal Data (Article 9 GDPR) unless the Customer has independently assessed and ensured the lawfulness of such processing.

5. Security Patches and Updates

Butterfly Instruments will make security patches available to the Customer on a reasonable-efforts basis as described in the Terms of Service. The Customer is solely responsible for applying updates to its deployed instance in a timely manner, particularly those addressing security vulnerabilities.

6. Data Breach Notification

Because Butterfly Instruments does not access or hold Instance Data, it will not be aware of security incidents within the Customer's deployment environment. The Customer is solely responsible for detecting, assessing, and notifying the relevant supervisory authority and affected data subjects of any personal data breach involving Instance Data, within the timeframes required by applicable Data Protection Laws (72 hours under GDPR where feasible).

If the Customer discovers a vulnerability in the Software that contributed to a breach, it should report this to Butterfly Instruments at contact@butterflyinstruments.com to allow us to issue a patch.

7. International Transfers

Butterfly Instruments does not transfer Instance Data internationally because it does not receive or hold Instance Data. Any international transfer of Instance Data is solely within the Customer's infrastructure and is the Customer's responsibility to assess under applicable Data Protection Laws.

8. Audit Rights

Because Butterfly Instruments does not process Instance Data, traditional audit rights relating to data processing do not apply. The Customer may review the published Security Posture documentation and request a copy of any available third-party penetration test report. Requests for additional security assurance should be directed to contact@butterflyinstruments.com.

9. Duration and Termination

This DPA remains in effect for as long as the underlying CrewSynx license agreement is in force. Termination of the license agreement automatically terminates this DPA. Obligations under this DPA that by their nature should survive (including sections 2, 3, and 4) will survive termination.

10. Governing Law

This DPA is governed by the same law and jurisdiction as the Terms of Service, unless a specific jurisdiction is agreed in writing for the Customer's signed copy.

11. Entire Agreement

This DPA, together with the CrewSynx Terms of Service and Privacy Policy, constitutes the entire agreement between the Parties with respect to data protection and supersedes all prior arrangements on this subject.

12. Contact

For data protection queries, DPA execution requests, or to report a security vulnerability, contact Butterfly Instruments at contact@butterflyinstruments.com.

Request a Signed Copy

If your legal or compliance team requires a countersigned PDF of this DPA, email contact@butterflyinstruments.com with the subject line “DPA Request” and include your organisation name, registered address, and the name of the authorised signatory. We will return a countersigned PDF within 5 business days.

Security & Compliance FAQ →·Security Posture Overview →·Privacy Policy →
CrewSynx logoCrewSynx

Self-hosted workforce management. Buy a lifetime license, deploy anywhere, use forever.

Product

  • Features
  • Contact & Pricing

Legal

  • Privacy Policy
  • Terms of Service
  • Security & Compliance
  • Security Posture
  • Data Processing Agreement

© 2026 Butterfly Instruments. All rights reserved.