Subprocessors
Last Updated: 6th February 2025
1. Introduction
To support delivery of our Services, Aspose may engage and use data processors with access to certain Customer Data (each, a “Sub-processor”). This document provides important information about the identity, location, and role of each Sub-processor, along with Aspose’s measures to ensure compliance with the General Data Protection Regulation (GDPR).
2. Transparency and Notification
Aspose is committed to providing transparency about the sub-processors we engage. Customers are responsible for regularly reviewing this document for updates, as Aspose does not send notifications about changes to the Sub-processor list. Prior to engaging any new Sub-processor, Aspose evaluates their data protection practices to ensure compliance with GDPR requirements.
For details on our evaluation processes, refer to the Third Party Risk Management Policy.
3. Due Diligence and Sub-processor Agreements
Aspose ensures that all sub-processors:
- Are contractually bound to adhere to GDPR-compliant data protection agreements.
- Implement appropriate technical and organizational measures to protect personal data.
- Process personal data only under Aspose’s instructions, in accordance with Article 28 of the GDPR.
For more details, refer to our Third Party Risk Management Policy.
4. Current Sub-processors
Aspose uses the following Sub-processors to host Customer Data or provide other infrastructure that helps with delivery of our Services:
| Entity Name | Sub-processing Activities | Entity Country | Website |
|---|---|---|---|
| Amazon Web Services, Inc. | Cloud Service Provider | United States | https://aws.amazon.com/ |
| Tyler Vault | Colocation Hosting Provider | United States | https://www.tylervault.com/ |
| Google LLC | Website Traffic Analytics Provider | United States | https://analytics.google.com |
| Amazon Route 53 (AWS) | DNS and Content Distribution | United States | https://aws.amazon.com/route53/ |
| Stripe, Inc | Payment Gateway Provider | United States | https://stripe.com/ |
| Twilio, Inc. | Telephony Provider | United States | https://www.twilio.com/ |
5. Data Transfers Outside the EEA
When engaging sub-processors located outside the European Economic Area (EEA), Aspose ensures compliance with GDPR through:
- Standard Contractual Clauses (SCCs) approved by the European Commission.
- The Trans-Atlantic Data Privacy Framework (TADPF), where applicable, to facilitate lawful data transfers between the EU and the U.S., ensuring equivalent data protection measures.
- Evaluating the data protection laws in the destination country and implementing supplementary measures where necessary to maintain compliance with GDPR.
6. Security Measures
Sub-processors engaged by Aspose are required to implement industry-standard security measures, including but not limited to:
- Data encryption at rest and in transit.
- Secure access controls and monitoring.
- Incident response plans and regular vulnerability assessments.
For details on Aspose’s overarching security practices, see our Information Security Policy.
7. Customer Rights and Objections
Customers have the right to:
- Raise objections to new sub-processors if there are valid concerns about compliance with GDPR or security.
- Implement appropriate technical and organizational measures to protect personal data.
- Process personal data only under Aspose’s instructions, in accordance with Article 28 of the GDPR.
If you have any concerns about our sub-processors, please contact us at dpo@aspose.com
8. Updates
Aspose does not notify customers individually of changes to the Sub-processor list. Customers are responsible for checking this document regularly for updates. The “Last Updated” date at the top of this document reflects the most recent changes.