Data Processing Agreement (DPA)

The legal agreement regarding how we process your data under the GDPR.

Last Updated: July 6, 2025

This Data Processing Agreement ("DPA") governs the data processing activities between Fips ("Data Processor") and the Customer ("Data Controller") who subscribes to our services and controls personal data. This DPA forms part of our Terms of Service.

1. Definitions

The terms "Personal Data", "Data Subject", "Processing", "Data Controller", and "Data Processor" used in this DPA have the meanings given in the GDPR (General Data Protection Regulation).

2. Details of Processing

  • Subject Matter of Processing: The provision of Fips Trading Assistant services by the Data Processor to the Data Controller.
  • Duration of Processing: For the duration of the service agreement between the parties.
  • Nature and Purpose of Processing: To provide user authentication, store and analyze trading data, enable cross-device synchronization, and other services requested by the Data Controller.
  • Types of Personal Data Processed: Account information (email), financial transaction data (P/L, position details), and usage and analytics data.
  • Categories of Data Subjects: End-users authorized by the Data Controller (employees, members, etc.).

3. Obligations of the Data Processor

The Data Processor commits to:

  • Process Personal Data only on documented instructions from the Data Controller.
  • Ensure that personnel processing the data are under a confidentiality obligation.
  • Implement appropriate technical and organizational security measures in accordance with GDPR Article 32 (e.g., data encryption, access control).
  • Inform the Data Controller before engaging new sub-processors, providing an opportunity to object.
  • Assist the Data Controller in responding to requests from Data Subjects to exercise their rights (access, deletion, etc.).
  • Notify the Data Controller without undue delay after becoming aware of a personal data breach.
  • At the end of the agreement, delete or return all personal data at the Data Controller's request.

4. Sub-processors

The Data Controller authorizes the Data Processor to use the following sub-processors to provide the service:

  • Supabase: Authentication, database, and storage.
  • RevenueCat & Paddle: Subscription and payment processing.
  • Google Analytics: Usage analysis.
  • Cloudflare: CDN and security.

5. Contact

For questions regarding this DPA, you can contact our Data Protection Officer at [email protected].