Parcy engages a limited number of carefully selected third-party service providers (“Subprocessors”) to process personal data strictly for the purpose of delivering the Parcy platform.

All Subprocessors act under written data processing agreements compliant with:

• EU GDPR (Regulation 2016/679)

• UK GDPR

• CCPA/CPRA (where applicable)

  
  

Data Residency

For all customer accounts created and managed within the European Union:

• Primary data storage resides within the European Union.

• Personal data is hosted in EU-based infrastructure.

• Transfers outside the EU occur only where technically necessary and are safeguarded through Standard Contractual Clauses (SCCs) or equivalent lawful transfer mechanisms.

For non-EU accounts, data may be processed in additional jurisdictions as required for service delivery.

Core Infrastructure Subprocessors

Only vendors that process customer or attendee personal data are listed below.

International Transfers

Where personal data is transferred outside the European Economic Area:

Parcy relies on:

• European Commission Standard Contractual Clauses (SCCs)

• UK International Data Transfer Addendum

• Supplementary technical and organizational measures

• Encrypted data in transit (TLS) and at rest

• 
  

California Privacy (CCPA/CPRA)

Subprocessors engaged by Parcy qualify as “Service Providers” or “Contractors” under California law and:

• Do not sell personal information

• Do not use personal data for cross-context behavioral advertising

• Process personal data solely to provide contracted services

• Are contractually restricted from retaining data beyond necessity

• 
  

Subprocessor Updates

Parcy may update this list from time to time as infrastructure evolves.

Material changes will be notified to customers where required under applicable agreements.