Subprocessors

Our Infrastructure. Your Data. Full Transparency.

We work with a limited number of carefully selected service providers to operate the Parcy platform. Below you can review the third parties that process customer and attendee data on our behalf.

Subprocessors

Our Infrastructure. Your Data. Full Transparency.

We work with a limited number of carefully selected service providers to operate the Parcy platform. Below you can review the third parties that process customer and attendee data on our behalf.

Effective Date: Jun 25, 2025

Parcy engages a limited number of carefully selected third-party service providers (“Subprocessors”) to process personal data strictly for the purpose of delivering the Parcy platform.

All Subprocessors act under written data processing agreements compliant with:

  • EU GDPR (Regulation 2016/679)

  • UK GDPR

  • CCPA/CPRA (where applicable)


Data Residency

For all customer accounts created and managed within the European Union:

  • Primary data storage resides within the European Union.

  • Personal data is hosted in EU-based infrastructure.

  • Transfers outside the EU occur only where technically necessary and are safeguarded through Standard Contractual Clauses (SCCs) or equivalent lawful transfer mechanisms.

For non-EU accounts, data may be processed in additional jurisdictions as required for service delivery.



Core Infrastructure Subprocessors


Only vendors that process customer or attendee personal data are listed below.

Vendor

Service Provided

Data Processed

Hosting Location

Transfer Safeguards

Amazon Web Services (AWS EMEA)

Cloud hosting & infrastructure

Account data, attendee registration data, event data

European Union (EU accounts)

SCCs where applicable

Supabase

Database infrastructure

Account data, attendee data

European Union (EU accounts)

SCCs where applicable

WorkOS

Authentication & SSO

User identity data

US

SCCs

MessageBird

Email/SMS communication infrastructure

Email addresses, phone numbers, messaging metadata

EU / UK

SCCs where applicable

Mux

Video streaming delivery (RTMP playback infrastructure)

Media metadata, limited user identifiers

US

SCCs


International Transfers

Where personal data is transferred outside the European Economic Area:

Parcy relies on:

  • European Commission Standard Contractual Clauses (SCCs)

  • UK International Data Transfer Addendum

  • Supplementary technical and organizational measures

  • Encrypted data in transit (TLS) and at rest


California Privacy (CCPA/CPRA)

Subprocessors engaged by Parcy qualify as “Service Providers” or “Contractors” under California law and:

  • Do not sell personal information

  • Do not use personal data for cross-context behavioral advertising

  • Process personal data solely to provide contracted services

  • Are contractually restricted from retaining data beyond necessity


Subprocessor Updates

Parcy may update this list from time to time as infrastructure evolves.

Material changes will be notified to customers where required under applicable agreements.