Subprocessors and Data Processing Locations
How Lara Translate uses third-party service providers to securely process data
At Lara Translate, we are committed to ensuring transparency and compliance with data protection regulations such as the GDPR. In the course of delivering our services, we engage a select number of third-party service providers (subprocessors) to perform specific processing activities on our behalf.
Each subprocessor is carefully vetted and contractually bound to comply with strict data protection and security requirements, including where applicable:
-
Standard Contractual Clauses (SCCs),
-
The EU–US Data Privacy Framework, and
-
Other appropriate safeguards under Chapter V of the GDPR.
This page provides an up-to-date list of our current subprocessors, including the type of service they provide, the country in which the entity is located, where processing takes place, and the applicable legal basis.
| Supplier | Category | Purpose | Processing Location | Legal Basis / Safeguards |
| AWS (Amazon Web Services) | Cloud Infrastructure | Cloud infrastructure provider used to host application servers, process translation data, manage storage, backups, and ensure scalability of Lara's services. | EU or USA | GDPR Art. 28 (processor), DPA with SCCs, UK/Swiss addenda as needed; CCPA Terms applied if US processing. |
| Equinix | Infrastructure / Colocation | Provide physical hosting for Lara-owned servers | USA | BCRs (Binding Corporate Rules) |
| TIM Enterprise | Infrastructure / Colocation | Provide physical hosting for Lara-owned servers | EU | – Data Processing Agreement (DPA) – Bound by Art. 28(4) GDPR as physical hosting subprocessor |
| Sentry | Monitoring / Application Performance Monitoring (APM) | Monitor errors and sessions for debugging purposes | USA | – Standard Contractual Clauses (SCCs) – Data Privacy Framework (certified) |
| Stripe | Payment Processing | Process payments | EU | – Data Processing Agreement (DPA) – Standard Contractual Clauses (SCCs) – EU–US Data Privacy Framework (certified) |
| Google Analytics 4 | Marketing / Analytics | Track website/service usage and engagement for performance and UX optimization | EU & non‑EU: EU data collected on EU-based devices and processed in EU before transfer | IP-based regional control + SCC for extra‑EU transfers |
| Google Ads | Marketing / Advertising | Manage and optimize online advertising campaigns | EU and non‑EU (with safeguards for international transfers) | Standard Contractual Clauses (SCC), EU–US Data Privacy Framework (DPF), Adequacy Decisions |
| Google Workspace suite | Productivity & Collaboration Tools | Internal communication, email, document management, file storage, and collaboration across teams. | EU data centers, with possible processing in US/other countries per Google DPT. | – Data Processing Agreement (DPA) – Standard Contractual Clauses (SCCs) for international transfers – CCPA: Service Provider designation |
| ActiveCampaign | Marketing / Email Automation | Send marketing emails and automate user engagement flows | EU | EU–US Data Privacy Framework Standard Contractual Clauses (SCCs) |
| HubSpot | CRM, Marketing Automation, and Support Platform | Manage contacts, automate marketing, and handle customer support | EU | Standard Contractual Clauses (SCC) + EU Data Privacy Framework (DPF) |
| PostHog | Product / Analytics | Monitor and analyze user behavior on product | EU | EU Hosting |
| Cookiebot | Consent Management Platform (CMP) | Consent management platform for collecting and storing user cookie consent. | EU | EU Hosting |
| Meta | Advertising / Analytics | Track user interactions and conversions for advertising and campaign performance analysis. | EU / US | Joint Controller under Art. 26 GDPR, Consent (Art. 6(1)(a) GDPR) via cookie banner, CCPA: Sharing for advertising purposes |
| Advertising / Analytics | Measure advertising performance, enable retargeting, and gain audience insights for LinkedIn ads. | EU / US | Joint Controller under Art. 26 GDPR, Consent (Art. 6(1)(a) GDPR) via cookie banner, CCPA: Sharing for advertising purposes |
We regularly review and update our list of subprocessors to reflect operational changes and ensure transparency.
If you are an enterprise customer with a signed Data Processing Addendum (DPA), you will be notified in advance of any material changes to our subprocessors, such as the addition or replacement of a subprocessor, where required by the terms of your agreement.
These notifications are typically sent via email or through your dedicated account manager.
If you have any questions regarding our data processing practices, please contact us at support@laratranslate.com