Skip to Main Content
Main Menu
Legal Center

Schedule B: Authorized Sub-Processors

Last updated April 10, 2024

TrustArc utilizes the following third-party data processors (“Sub-processors”) for the provision and operation of its Solutions and processing of Customer Data, including any associated Personal Information therein.

Data Hosting Location

Entity Name Location Purpose Appropriate Safeguards for Transfers Sub-Processor DPO or Data Privacy Representative Contact
Data Center for Platform: US US-East-1 (Fairfax, Virginia) or EU-Central-1 (Frankfurt)
Amazon Web Services Data Center for Nymity Products: Canada-Central-1 (Ontario, Canada) Hosting service for TrustArc platform DPF and SCCs
Data Center for Cookie Consent Manager: EU-West-1 (Dublin, Ireland)

Third Party Sub-Processors

Entity Name Location Purpose Appropriate Safeguards for Transfers Sub-Processor DPO or Data Privacy Representative Contact
Mailgun Technologies, Inc. Texas, USA Nymity R&A (Research & Alerts) email delivery service SCCs
Microsoft, Inc. (including Microsoft Canada Inc.) Washington, USA, Canada, Central (Toronto, ON) Cloud services supporting application logging and messaging queue capabilities for e-mail delivery for Nymity R&A DPF and SCCs California, USA Customer service, sales, and support DPF, SCCs, and BCR

Changes to Sub-processors

TrustArc may remove, replace or appoint suitable and reliable Sub-processors in accordance with the Data Processing Addendum (“DPA”) available here. TrustArc shall inform you of any new Sub-processors by updating its Sub-Processor disclosure and providing email notification no less than thirty (30) days before authorizing such Sub-processor(s) to Process Personal Information in connection with the provision of the applicable Solutions. To enable receipt of such e-mail notifications, you may subscribe here.


TrustArc Affiliates

In addition to the Sub-processors above, TrustArc may utilize the affiliates listed in the TrustArc Affiliate Sub-processor disclosure available here.


Data Transfers

Where TrustArc transfers personal data in connection with its Solutions, it does so in compliance with applicable data protection laws and regulations and utilizes the following safeguards and framework, as applicable:
  • Standard Contractual Clauses (or “Model Clauses”)
  • EU-U.S. Data Privacy Framework (“DPF”), UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF

Data Processing Addendum

TrustArc offers a comprehensive global DPA, which is designed to meet the requirements of applicable data privacy laws and regulations. Our DPA is available here.


Technical and Organizational Measures

TrustArc’s Technical and Organizational Measures (“TOMs”) that describe the security safeguards and other relevant measures implemented by TrustArc, such as access controls, transmission controls, data backup, and logical separation, can be found here.
Back to Top