Documents

Subprocessors & Service Providers

On This Page

Subprocessors & Service Providers

Last Update: July 10, 2025

This page lists third parties that Live Elements Ecosystem S.L. engages to process personal data while providing the Services. It is incorporated by reference into the DPA, the Master Privacy Policy, and relevant product notices.

  • Subprocessors (Processor role): Used when we process Customer Data on your behalf (e.g., hosting the SaaS CMS/Console, optional support uploads, licence/telemetry endpoints for self-hosted modules).
  • Service providers (Controller role): Used when we process Account/Console data as an independent controller (e.g., billing emails). We include these for transparency, though your DPA applies only to processor scenarios.

1. Subprocessors (when we act as processor for Customer Data)

Vendor Purpose Data categories (typical) Location(s)
Amazon Web Services, Inc. (AWS) App hosting (EC2); object storage & backups (S3); transactional email delivery (SES) Customer content; media; database/storage objects; logs & request metadata (e.g., IP, user-agent); sender/recipient email addresses and delivery events; minimal licence/telemetry metadata where applicable EU regions by default for EU tenants; US available if tenant chooses (note: email delivery ultimately reaches recipients globally)
Cloudflare, Inc. CDN, WAF, DDoS protection, TLS termination, DNS Edge logs and request metadata; cached assets per TTL; TLS session data at the edge (no persistent content storage) EU-regionalized for EU tenants; global POPs as configured

2. Service providers (when we act as controller for Account/Console data)

Vendor Purpose Data categories Location(s)
Amazon Web Services, Inc. (AWS) App hosting (EC2); object storage & backups (S3); transactional email delivery (SES) Customer content and media; database/storage objects; logs & request metadata (e.g., IP, user-agent); sender/recipient email addresses and delivery events; minimal licence/telemetry metadata as applicable EU regions by default for EU tenants; US available if tenant chooses
Cloudflare, Inc. CDN, WAF, DDoS protection, TLS termination, DNS Edge logs and request metadata; cached assets per TTL; TLS session data at the edge (no persistent content storage) EU regionalized for EU tenants; global POPs as configured

3. Change management

  • We provide at least 30 days’ advance notice before adding or replacing a Subprocessor (except where earlier engagement is required for urgent security or continuity, in which case we notify promptly thereafter).
  • We notify via email to Console contacts and/or an in-product banner.