Laioutr
Trust Center

Infrastructure & Hosting

Laioutr Cloud and Laioutr Cockpit run on a modern, certified cloud stack. All production data is processed and stored in EU regions (Germany).

Laioutr Cloud and Laioutr Cockpit run on a modern, certified cloud stack. All production data is processed and stored in EU regions (Germany).

Architecture

Laioutr is a modern, cloud-native platform built on Vue / Nuxt with a section-based architecture. We rely on:

  • Strict tenant isolation at the application and database layers (Row-Level Security)
  • Clearly separated environments (Development, Staging, Production)
  • Multi-region setup for high availability (see Backup strategy)
  • Persistent data exclusively in EU Postgres instances

Primary subprocessors

Vercel Inc. — Application hosting & edge

Frontend hosting, edge functions and serverless compute for the Laioutr application.

  • Region: Frankfurt (fra1), Germany
  • Certifications: ISO 27001:2022, SOC 2 Type 2 (Security, Confidentiality, Availability), TISAX Assessment Level 2, EU-US Data Privacy Framework
  • DPA with SCCs: in place
  • Note: Static assets and edge function responses may be temporarily cached within EU edge regions. Persistent storage happens exclusively in Supabase.

Supabase, Inc. — Database & authentication

Postgres database, authentication and object storage for customer data.

  • Region: Frankfurt (eu-central-1), Germany
  • Certifications: SOC 2 Type 2, ISO/IEC 27001:2022, HIPAA, PCI DSS, GDPR
  • DPA with SCCs: in place
  • Data residency: All data remains in the selected EU region. Read replicas run exclusively in EU regions.
  • Encryption: AES-256 at rest, TLS 1.2+ in transit

Upstash, Inc. — Caching & realtime

Redis-based caching and realtime functionality.

  • Region: Frankfurt (eu-central-1), Germany
  • Certifications: SOC 2 Type 2 (Pro and Enterprise plans)
  • DPA with SCCs: in place
  • Note: Upstash only holds non-persistent cache data and transient session information. Persistent customer data stays in Supabase.

Liveblocks Inc. — Presence & cursors

Real-time presence (online status) and cursor positions for collaboration inside the Laioutr Cockpit.

  • Region: Global (AWS, Cloudflare, MongoDB Atlas) — EU-only processing is not guaranteed
  • Certifications: SOC 2 Type 2
  • DPA with SCCs: in place (Liveblocks Data Processing Addendum with embedded SCCs)
  • Scope: Pseudonymous user ID, display name, cursor position and online status — exchanged only between authenticated Cockpit users.
  • Not used: Liveblocks Storage, Comments / Threads, Notifications, AI Copilots
  • Not transferred: customer content (sections, texts, media files) and end-customer data — these stay in Supabase EU
  • Persistence: none — presence and cursor data only exist for the duration of an active Cockpit session

A dedicated Transfer Impact Assessment for Liveblocks is available under NDA on request.

➡️ See also: Subprocessors · Security Measures

Subprocessors

This page lists all subprocessors involved in providing the Laioutr platform. The URL is stable — feel free to link to it from your records of processing activities or privacy policy.

Security Measures

A complete overview of our TOMs under Article 32 GDPR is available under NDA on request. The summary below covers the public-facing portions.

Copyright © 2026 Laioutr GmbH