Data Processing Agreement
Last updated: April 22nd, 2026. This Data Processing Agreement ("DPA") forms part of the Terms of Service between GeoTrack (owned and operated by FXINTER LLC) and the User. This DPA governs the processing of personal data when GeoTrack acts as a Data Processor on behalf of the User.
1. Roles and Definitions
In the context of the GDPR and this agreement, the User is the Data Controller. The User decides the purposes and means of processing the data of their email recipients. GeoTrack (FXINTER LLC) is the Data Processor, processing personal data only on documented instructions from the User to render the email tracking Service.
As the Data Controller, the User bears the sole responsibility for establishing a valid legal basis (such as prior, explicit consent) for the deployment of tracking pixels, in accordance with the ePrivacy Directive and relevant guidance from national supervisory authorities (e.g., the CNIL).
2. Scope of Processing
GeoTrack will process the following "Accessed Data" strictly to provide the email tracking service:
- Email recipient information, subject, and timestamps.
- Receipt and open confirmations, including timestamps and geolocation of the opening.
- Link tracking metadata (number of clicks, URLs, timestamps).
- Device metadata (browser and operating system used by the recipient).
Strict Exclusions: GeoTrack guarantees that only automated software accesses your email metadata. No one at GeoTrack reads your emails, we will never send emails on your behalf, and we do not store the body content of your emails. Furthermore, GeoTrack strictly acts as a Data Processor and expressly prohibits the use of the User's Accessed Data for its own purposes, including but not limited to, the improvement of GeoTrack's separate products, training machine learning models, or creating cross-customer profiles.
3. International Data Transfers and Standard Contractual Clauses (SCCs)
Because GeoTrack servers are located in the United States, providing the Service requires transferring the Accessed Data outside the European Economic Area (EEA). To ensure compliance with Chapter V of the GDPR, the parties agree that such transfers are governed by the Standard Contractual Clauses (SCCs) adopted by the European Commission under Implementing Decision (EU) 2021/914.
Specifically, Module 2 (Transfer controller to processor) applies. By accepting our Terms of Service and utilizing the Service, the User and GeoTrack are legally bound by these SCCs.
4. Sub-processors
The User authorizes GeoTrack to engage the following sub-processors to support the delivery of the Service:
- Amazon Web Services, Inc.: Hosting provider (Servers located in the United States).
- Google Services: Google Apps, Google Analytics, Webmaster Tools, and Google Forms.
- LogEntries: Server logs storage.
GeoTrack will ensure that any engaged sub-processor is bound by data protection obligations that are at least as restrictive as those contained in this DPA.
5. Security of Processing
Taking into account the state of the art and the nature of the data, GeoTrack implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk. This includes transmitting all data using industry-standard Transport Layer Security (TLS) / Secure Sockets Layer (SSL) encryption.
6. Assistance and Data Subject Rights
Given the nature of the processing, GeoTrack will assist the User in fulfilling their obligations as Data Controller to respond to requests from data subjects exercising their rights under the GDPR. If GeoTrack receives a request directly from a recipient regarding data controlled by the User, we will promptly redirect the data subject to the User.
7. Deletion or Return of Data
Upon termination of the Service, or upon the User's explicit request (such as deleting their account), GeoTrack will delete all Accessed Data, unless further storage of the data is required by applicable law.