Data Protection (GDPR)
Our role under the GDPR
Laioutr acts as a processor under Article 28 GDPR with respect to customer data. As a customer, you remain the controller of the content processed on the platform.
Data Processing Agreement (DPA / AVV)
We sign a DPA with every customer before productive use. Our standard DPA covers:
- Subject matter, duration and purpose of processing
- Categories of personal data and data subjects
- Rights and obligations of both parties
- Technical and Organisational Measures (TOMs)
- Sub-processor arrangements
- Notification obligations in case of security incidents
➡️ Request the DPA: security@laioutr.com
Data Protection Officer
Contact for data protection enquiries: privacy@laioutr.com
International data transfers
Our primary subprocessors (Vercel, Supabase, Upstash) have their corporate seat in the United States but operate our data exclusively in EU regions. For every US-based subprocessor we have executed Data Processing Agreements with EU Standard Contractual Clauses (SCCs) under Implementing Decision (EU) 2021/914. Where applicable, the EU-US Data Privacy Framework (DPF) applies as an additional safeguard.
For each of these providers we have conducted a Transfer Impact Assessment (TIA) in line with the CJEU's Schrems II ruling. TIAs are made available under NDA on request.
➡️ Related: Subprocessors · Compliance & Certifications
Trust Center
Security, privacy and compliance are the foundation of our product. This Trust Center documents transparently how Laioutr handles your data, what technical and organisational measures are in place, and which artefacts we provide for your security reviews.
Subprocessors
This page lists all subprocessors involved in providing the Laioutr platform. The URL is stable — feel free to link to it from your records of processing activities or privacy policy.