Subprocessors
CRA Evidence engages the following third-party subprocessors to provide our services, in accordance with GDPR Article 28 and our Data Processing Agreement.
We will notify customers at least 30 days before adding or replacing a subprocessor. To subscribe to updates or object to a new subprocessor, contact privacy@craevidence.com.
| Subprocessor | Purpose | Location |
|---|---|---|
| Amazon Web Services (AWS) | Cloud hosting, database, storage, email delivery, and CDN | Ireland (eu-west-1) |
| Stripe | Payment processing | United States (SCCs / EU-US DPF) |
| Google Workspace | Business email and productivity | EU (SCCs included) |
| Cloudflare Turnstile | Bot protection on registration and login | Edge processing |
| PostHog | Product analytics | EU |
| Liidio Oy (Leadfeeder / Dealfront) | Visitor identification on public marketing pages | Finland, EU |
| LinkedIn Ireland Unlimited Company | LinkedIn Insight Tag: ad performance measurement and retargeting on public marketing pages | Ireland, EU. Transfers to LinkedIn entities outside the EU under SCCs |
All customer data is stored in the EU. International transfers (Stripe, Google) are covered by Standard Contractual Clauses and, where applicable, the EU-US Data Privacy Framework.
For questions, contact privacy@craevidence.com.
Last updated: May 2026.