Sub-Processors

Transparency about the service providers we use to deliver PlotsAlot

Our Commitment to Transparency

PlotsAlot uses trusted third-party sub-processors to provide our services effectively and securely. All sub-processors are subject to GDPR-compliant data processing agreements (DPA) that ensure personal data is protected with the same high standards we maintain.

We carefully select and vet each sub-processor for their commitment to data protection, security practices, and compliance with international data protection regulations. This list is current as of December 2025.

If you have concerns about any of our sub-processors or their data protection practices, please contact us at support@slashml.com.

United States

GDPR-compliant

Amazon Web Services (AWS)

Cloud infrastructure and data hosting

Region: United States & Multiple Regions

GDPR Details
GDPR-compliant

Cloudflare

Web security and traffic geo-steering

Region: United States & Global

GDPR Details
GDPR-compliant

Google Analytics

Web analytics and performance tracking

Region: United States

GDPR Details
GDPR-compliant

Paddle

Payment processing

Region: United States

GDPR Details
GDPR-compliant

Postmark

Transactional email services

Region: United States

GDPR Details
GDPR-compliant

Lucky Orange

Website analytics and user insights

Region: United States

GDPR Details
GDPR-compliant

Tawk.to

Live chat and customer support

Region: United States

GDPR Details

Global & Multiple Regions

GDPR-compliant

Amazon Web Services (AWS)

Cloud infrastructure and data hosting

Region: United States & Multiple Regions

GDPR Details
GDPR-compliant

Cloudflare

Web security and traffic geo-steering

Region: United States & Global

GDPR Details

Data Processing Agreements (DPA)

PlotsAlot has entered into GDPR-compliant Data Processing Agreements (DPA) with each sub-processor. These agreements:

  • Specify the subject matter and duration of processing
  • Outline the nature and purpose of processing
  • Define the types of personal data and categories of data subjects
  • Require appropriate technical and organizational security measures
  • Restrict further sub-processing to only those approved by us
  • Include provisions for audit rights and data subject rights requests
  • Ensure data is processed only on instructions from PlotsAlot

All sub-processors are required to maintain the same level of data protection as PlotsAlot itself.

International Data Transfers

Some of our sub-processors are located in countries outside the European Economic Area (EEA), including the United States. For such transfers, we implement appropriate safeguards as required by GDPR, including:

  • Standard Contractual Clauses (SCC)
  • Binding Corporate Rules (BCR)
  • Adequacy Decisions (where applicable)
  • Supplementary safeguards and technical measures

These mechanisms ensure your personal data is protected at the same level as required within the EEA.

Updates to This List

We update this sub-processor list regularly as our third-party service providers change. If you would like to be notified of changes to sub-processors, please contact us at support@slashml.com.

For more information about our GDPR compliance practices, visit our GDPR Compliance page.

Last updated: December 25, 2025