VOOZH about

URL: https://about.aspose.com/legal/subprocessors

⇱ Subprocessors - About - aspose.com

Subprocessors

Last Updated: 6th February 2025

1. Introduction

To support delivery of our Services, Aspose may engage and use data processors with access to certain Customer Data (each, a “Sub-processor”). This document provides important information about the identity, location, and role of each Sub-processor, along with Aspose’s measures to ensure compliance with the General Data Protection Regulation (GDPR).

2. Transparency and Notification

Aspose is committed to providing transparency about the sub-processors we engage. Customers are responsible for regularly reviewing this document for updates, as Aspose does not send notifications about changes to the Sub-processor list. Prior to engaging any new Sub-processor, Aspose evaluates their data protection practices to ensure compliance with GDPR requirements.

For details on our evaluation processes, refer to the Third Party Risk Management Policy.

3. Due Diligence and Sub-processor Agreements

Aspose ensures that all sub-processors:

  • Are contractually bound to adhere to GDPR-compliant data protection agreements.
  • Implement appropriate technical and organizational measures to protect personal data.
  • Process personal data only under Aspose’s instructions, in accordance with Article 28 of the GDPR.

For more details, refer to our Third Party Risk Management Policy.

4. Current Sub-processors

Aspose uses the following Sub-processors to host Customer Data or provide other infrastructure that helps with delivery of our Services:

Entity NameSub-processing ActivitiesEntity CountryWebsite
Amazon Web Services, Inc.Cloud Service ProviderUnited Stateshttps://aws.amazon.com/
Tyler VaultColocation Hosting ProviderUnited Stateshttps://www.tylervault.com/
Google LLCWebsite Traffic Analytics Provider United Stateshttps://analytics.google.com
Amazon Route 53 (AWS)DNS and Content DistributionUnited Stateshttps://aws.amazon.com/route53/
Stripe, IncPayment Gateway ProviderUnited Stateshttps://stripe.com/
Twilio, Inc.Telephony ProviderUnited Stateshttps://www.twilio.com/

5. Data Transfers Outside the EEA

When engaging sub-processors located outside the European Economic Area (EEA), Aspose ensures compliance with GDPR through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission.
  • The Trans-Atlantic Data Privacy Framework (TADPF), where applicable, to facilitate lawful data transfers between the EU and the U.S., ensuring equivalent data protection measures.
  • Evaluating the data protection laws in the destination country and implementing supplementary measures where necessary to maintain compliance with GDPR.

6. Security Measures

Sub-processors engaged by Aspose are required to implement industry-standard security measures, including but not limited to:

  • Data encryption at rest and in transit.
  • Secure access controls and monitoring.
  • Incident response plans and regular vulnerability assessments.

For details on Aspose’s overarching security practices, see our Information Security Policy.

7. Customer Rights and Objections

Customers have the right to:

  • Raise objections to new sub-processors if there are valid concerns about compliance with GDPR or security.
  • Implement appropriate technical and organizational measures to protect personal data.
  • Process personal data only under Aspose’s instructions, in accordance with Article 28 of the GDPR.

If you have any concerns about our sub-processors, please contact us at dpo@aspose.com

8. Updates

Aspose does not notify customers individually of changes to the Sub-processor list. Customers are responsible for checking this document regularly for updates. The “Last Updated” date at the top of this document reflects the most recent changes.