Sub-processors
Complete transparency of all third-party services that may process personal data on behalf of PersonaLift
Sub-processor Change Notifications
PersonaLift provides 30 days advance notice of any new sub-processors or material changes to existing sub-processor arrangements. Enterprise customers can object to new sub-processors.
Cloud Infrastructure
Amazon Web Services (AWS)
Primary hosting platform and data storage
Location
United States
Data Types Processed
Certifications
Google Cloud Platform
AI/ML processing and backup storage
Location
United States, European Union
Data Types Processed
Certifications
Analytics
Google Analytics
Website usage analytics and performance monitoring
Location
United States
Data Types Processed
Certifications
Mixpanel
Product analytics and user behavior tracking
Location
United States
Data Types Processed
Certifications
Payment Processing
Stripe
Payment processing and subscription management
Location
United States, European Union
Data Types Processed
Certifications
Customer Support
Zendesk
Customer support ticket management
Location
United States
Data Types Processed
Certifications
Customer Communication
Intercom
Live chat and customer messaging
Location
United States
Data Types Processed
Certifications
Email Services
SendGrid
Transactional emails and notifications
Location
United States
Data Types Processed
Certifications
Product Analytics
PostHog
Feature flags and A/B testing infrastructure
Location
United States, European Union
Data Types Processed
Certifications
Error Monitoring
Sentry
Application error tracking and performance monitoring
Location
United States
Data Types Processed
Certifications
International Data Transfers
Transfer Safeguards
- • Standard Contractual Clauses (SCCs)
- • Adequacy decisions where applicable
- • Additional technical safeguards
- • Regular compliance monitoring
Geographical Restrictions
- • EU data stays within EU/EEA when required
- • US data processing under Privacy Framework
- • Regional data sovereignty options available
- • Enterprise customers can specify regions
Sub-processor Auditing
Regular Reviews
All sub-processors undergo quarterly compliance reviews and annual security assessments.
Contract Requirements
Every sub-processor signs data processing agreements with equivalent protection levels.
Incident Response
All sub-processors must report security incidents within 24 hours of discovery.
Questions About Sub-processors?
Data Protection Team
Email: dpa@personalift.io
Response time: Within 48 hours
Available: Monday-Friday, 9 AM - 6 PM CT
Enterprise Customers
For objections to new sub-processors or custom arrangements, contact your dedicated Customer Success Manager or email enterprise@personalift.io
This sub-processor list is updated regularly. Last updated: January 2025 | Version 1.4
For the most current information, bookmark this page or subscribe to our notification service above.