BreaktroughF1 LLP

Data Processing Agreement

Effective: May 2, 2026|Version: 1.0

📋

This DPA supplements the Terms of Service where BreaktroughF1 LLP processes personal data on behalf of a Customer acting as a Data Controller. It applies primarily to enterprise deployments where LYNX processes data that may include personal data of third parties. For most deployments, LYNX operates entirely on the Customer's own infrastructure and we do not process the Customer's network traffic.

Definitions

Controller

The Customer who determines the purposes of processing.

Processor

BreaktroughF1 LLP acting on the Controller's instructions.

Sub-processor

Any third party engaged by the Processor to process data.

Scope of Processing

In standard on-premise deployments, the Customer is the sole controller. Where a Customer uses the LYNX cloud dashboard or Federated Learning service, BreaktroughF1 LLP acts as a Processor for dashboard account credentials, alert metadata, and locally differentially-private ML model weight deltas.

Processor Obligations

We agree to process personal data only on documented instructions, ensure confidentiality, implement appropriate security measures, and assist the Controller in fulfilling Data Subject requests.

Security Measures

Measure	Implementation
Database Encryption	SQLCipher AES-256-CBC
Password Hashing	PBKDF2-HMAC-SHA256 · 600,000 iterations
Transport Security	TLS 1.2 minimum
FL Differential Privacy	ε = 1.0 Gaussian noise

Sub-Processors

All sub-processors are bound by Standard Contractual Clauses (SCCs) or adequacy decisions. Current sub-processors:

Vercel Inc.—Hosting

Resend Inc.—Email

Cloudflare Inc.—CDN / Security

Audit Rights

📅

Upon 30 days' written notice, the Controller may audit our processing activities. We may satisfy this obligation by providing current third-party security certifications (e.g. ISO 27001).

Contact

For data protection enquiries, reach our privacy team directly:

✉️

Data Protection Enquiries

privacy@breaktroughf1.com