Sub-Processors and Affiliates
Last updated June 25, 2025
TrustArc utilizes the following third-party data processors (“Sub-processors”) for the provision and operation of its Solutions and processing of Customer Data, including any associated Personal Information therein.
Data Hosting Location
| Entity Name |
Location |
Purpose |
Transfer Mechanism |
Sub-Processor Contact |
| Amazon Web Services |
Data Center for Platform: US US-East-1 (Fairfax, Virginia) or EU-Central-1 (Frankfurt) Data Center for Nymity Products: Canada-Central-1 (Ontario, Canada) Data Center for Cookie Consent Manager: EU-West-1 (Dublin, Ireland) |
Hosting service for TrustArc platform |
DPF and SCCs |
https://aws.amazon.com/contact-us/ |
Third Party Sub-Processors
| Entity Name |
Location |
Purpose |
Transfer Mechanism |
Sub-Processor Contact |
| Mailgun Technologies, Inc. |
Texas, USA |
Nymity R&A (Research & Alerts) email delivery service |
SCCs |
https://www.mailgun.com/contact/ |
| Microsoft, Inc. (including Microsoft Canada Inc.) |
Washington, USA Canada, Central (Toronto, ON) |
Cloud services supporting application logging and messaging queue capabilities for e-mail delivery for Nymity R&A |
DPF and SCCs |
https://support.microsoft.com/en-us/contactus |
| Salesforce.com |
California, USA |
Customer service, sales, and support |
DPF, SCC and BCR |
https://www.salesforce.com/company/contact-us/ |
| Workato, Inc. |
Virginia, US or Frankfurt, Germany |
TrustArc platform integration tool |
SCC |
https://support.workato.com/en/support/home |
Changes to Sub-processors
TrustArc may remove, replace or appoint suitable and reliable Sub-processors in accordance with the Data Processing Addendum (“DPA”) available here. TrustArc shall inform you of any new Sub-processors by updating its Sub-Processor disclosure and providing email notification no less than thirty (30) days before authorizing such Sub-processor(s) to Process Personal Information in connection with the provision of the applicable Solutions. To enable receipt of such e-mail notifications, you may subscribe here.
TrustArc Affiliates
In addition to the Sub-processors above, TrustArc may utilize the affiliates listed in the TrustArc Affiliate Sub-processor disclosure available here.
Data Transfers
Where TrustArc transfers personal data in connection with its Solutions, it does so in compliance with applicable data protection laws and regulations and utilizes the following safeguards and framework, as applicable:
- Standard Contractual Clauses (or “Model Clauses”)
- EU-U.S. Data Privacy Framework (“DPF”), UK Extension to the EU-U.S. DPF, and Swiss-U.S. DPF
Data Processing Addendum
TrustArc offers a comprehensive global DPA, which is designed to meet the requirements of applicable data privacy laws and regulations. Our DPA is available here.
Technical and Organizational Measures
TrustArc’s Technical and Organizational Measures (“TOMs”) that describe the security safeguards and other relevant measures implemented by TrustArc, such as access controls, transmission controls, data backup, and logical separation, can be found here.
