Lydira

← /legal

Sub-processors.

Lydira uses the following third parties to deliver the service. Maintained per GDPR Art. 28 + the Enterprise DPA addendum.

last updated · 2026-06-14

  • Amazon Web Services

    Singapore-region hosting, object storage (S3), and managed Postgres (RDS) for Enterprise.

    dpa ↗
    data types
    customer PII · trip data · attachments · audit logs
    region
    ap-southeast-1 (SG) · us-east-1 (US) · eu-central-1 (EU) — pinned per customer
    certifications
    SOC 2 Type II · ISO 27001 · ISO 27018 · PCI DSS

  • Hetzner Online GmbH

    Primary application hosting, object storage, and backups for the hosted platform (EU + US).

    dpa ↗
    data types
    customer PII · trip data · attachments · audit logs
    region
    Germany (Nuremberg / Falkenstein) · Finland (Helsinki) — EU; US (Ashburn · Hillsboro)
    certifications
    ISO 27001

  • Stripe, Inc.

    Payment processing for subscriptions and AI credit top-ups.

    dpa ↗
    data types
    billing contact · payment method metadata
    region
    US + EU (customer card network region)
    certifications
    PCI DSS Level 1 · SOC 2 Type II

  • OpenAI

    AI inference for inbox drafts, voice-to-lead transcription, business-card OCR, proposal generation. Opt-out per account.

    dpa ↗
    data types
    prompt text · audio clips (Whisper) · image payloads (Vision)
    region
    US
    certifications
    SOC 2 Type II

  • Mailgun (Sinch)

    Transactional email delivery (signup verification, notifications, welcome series).

    dpa ↗
    data types
    email address · message body
    region
    EU
    certifications
    SOC 2 Type II · ISO 27001

  • Twilio

    SMS + WhatsApp delivery when the advisor's agency opts into pooled channels.

    dpa ↗
    data types
    phone number · message body
    region
    US + EU
    certifications
    SOC 2 Type II · ISO 27001

  • Cloudflare

    DNS, CDN, WAF, DDoS protection for the hosted SaaS surface.

    dpa ↗
    data types
    request metadata (IP, path, headers)
    region
    Global edge
    certifications
    SOC 2 Type II · ISO 27001

  • Sentry

    Application error tracking + performance monitoring.

    dpa ↗
    data types
    stack traces · request metadata (scrubbed of PII)
    region
    US + EU (account-selectable)
    certifications
    SOC 2 Type II · ISO 27001

  • Plausible Analytics

    Privacy-friendly, cookieless analytics for the public marketing site (lydira.com) — aggregated to the page level, no personal data.

    dpa ↗
    data types
    aggregated page views (no PII)
    region
    EU (Germany)

change policy

Material changes to this list are announced to Enterprise Customers at least 30 days before they take effect. The canonical diff lives in the repository's config/subprocessors.yml file — every change goes through Legal + Security review.

questions

Compliance question, signed-DPA request, or spotted something out of date? Email security@lydira.com .