Locktera.com
Locktera.com

LOCKTERA SUBPROCESSORS POLICY

Last Updated: March 8, 2026

1. PURPOSE

This Subprocessors Policy describes how Locktera, Inc. (“Locktera”) engages third-party service providers (“Subprocessors”) to support the delivery, operation, security, and maintenance of Locktera services, including Locktera Share and the Locktera CORE API platform (collectively, the “Services”).

Locktera may engage Subprocessors to perform limited services on Locktera’s behalf in connection with the provision, hosting, operation, security, support, and improvement of the Services.

To the extent Locktera processes Personal Data on behalf of a Customer, any Subprocessor engaged by Locktera may process such Personal Data solely for the purpose of supporting the provision of the Services and only in accordance with:

  • Locktera’s contractual obligations to the Customer; and
  • applicable data protection and privacy laws.

Subprocessors are permitted to process Customer Data only on documented instructions from Locktera and solely to the extent necessary to perform the services for which they have been engaged.

2. DEFINITION OF SUBPROCESSOR

A Subprocessor is a third-party service provider engaged by Locktera to process Customer Data, including Personal Data, on Locktera’s behalf in connection with the delivery, operation, security, or support of the Services.

Subprocessors may provide services that support the operation of the Services, including, without limitation:

  • cloud infrastructure and hosting services;
  • data storage and backup services;
  • monitoring, logging, and security services;
  • operational infrastructure and platform services;
  • customer support and service management systems;
  • communications and notification infrastructure; and
  • analytics, diagnostic, or operational performance services.

Subprocessors are authorized to process Customer Data solely on documented instructions from Locktera and only to the extent necessary to perform the services for which they have been engaged.

Subprocessors do not obtain any ownership or independent rights to Customer Data and may not use Customer Data for any purpose other than supporting Locktera’s provision of the Services.

3. LOCKTERA RESPONSIBILITIES

Locktera remains responsible for the acts and omissions of its Subprocessors to the same extent as if Locktera had performed the services directly, subject to the limitations set forth in the applicable Agreement.

Locktera shall ensure that each Subprocessor is bound by written contractual obligations that:

  • require the Subprocessor to process Customer Data solely on documented instructions from Locktera;
  • impose confidentiality obligations on personnel authorized to process Customer Data;
  • require the implementation of appropriate administrative, technical, and organizational security measures designed to protect Customer Data;
  • prohibit further subcontracting of processing activities without appropriate contractual safeguards; and
  • require compliance with applicable data protection and privacy laws.

Prior to engaging a Subprocessor, Locktera performs reasonable diligence to evaluate the Subprocessor’s security practices, operational reliability, and ability to protect Customer Data.

Locktera may also conduct periodic reviews or reassessments of Subprocessors to ensure continued alignment with Locktera’s security and data protection requirements.

4. SUBPROCESSOR SECURITY AND COMPLIANCE

Locktera requires Subprocessors engaged in connection with the Services to implement and maintain appropriate administrative, technical, and organizational security measures designed to protect Customer Data, including Personal Data, against unauthorized access, disclosure, alteration, or destruction.

Such security measures may include, without limitation:

  • encryption protections for data in transit and, where appropriate, at rest;
  • network and infrastructure security controls;
  • access management and identity authentication controls;
  • security monitoring, logging, and threat detection systems; and
  • incident response and security event management procedures.

Locktera requires Subprocessors to maintain security practices consistent with industry standards and applicable data protection obligations.

Locktera’s Services incorporate cryptographic container architecture designed to enforce security protections directly at the data level, enabling encryption and access control policies to remain bound to the data independent of the underlying storage or infrastructure environment.

Because Locktera’s cryptographic container architecture enforces encryption and access control at the data level, infrastructure providers supporting the Services generally do not have the ability to decrypt protected Customer content.

5. DATA TRANSFER SAFEGUARDS

Where Subprocessors process Personal Data that is subject to international data transfer restrictions, Locktera implements appropriate safeguards designed to ensure that such transfers are conducted in compliance with applicable data protection and privacy laws.

These safeguards may include contractual, technical, and organizational measures intended to ensure that Personal Data transferred to Subprocessors receives a level of protection consistent with applicable legal requirements.

Where required, such safeguards may include, without limitation:

  • execution of Standard Contractual Clauses (SCCs) or equivalent legally recognized data transfer mechanisms;
  • contractual commitments requiring Subprocessors to provide appropriate data protection safeguards; and
  • other lawful data transfer frameworks or mechanisms recognized under applicable data protection laws.

Locktera may also implement supplementary safeguards where necessary to ensure that Personal Data transferred to Subprocessors remains protected in accordance with applicable regulatory requirements.

6. SUBPROCESSOR LIST

Locktera maintains and publishes a current list of Subprocessors engaged in connection with the provision and operation of the Services.

The Subprocessor list identifies each Subprocessor and describes the category of services provided.

The current Subprocessor list is available at:

https://locktera.com/legal/locktera-subprocessor-list/

Locktera may update the Subprocessor list from time to time as Subprocessors are added, replaced, or removed in connection with the operation or improvement of the Services.

Updates to the Subprocessor list will be reflected on the above page, which serves as the authoritative source of information regarding Locktera’s current Subprocessors.

The Subprocessor List applies to all Locktera services, including Locktera Share, Locktera CORE API, and any related platform services, unless otherwise specified in the applicable service documentation.

Certain Subprocessors may support only specific Locktera services or operational functions. The Subprocessor List identifies the category of services provided by each Subprocessor to provide transparency regarding their role in supporting the Services.

7. CUSTOMER NOTIFICATION OF SUBPROCESSOR CHANGES

Locktera may update its Subprocessors from time to time in connection with the operation, maintenance, or improvement of the Services.

Where required by applicable data protection laws or contractual commitments, Locktera will provide notice of material changes to its Subprocessors.

Notice may be provided by updating the Subprocessor list available at:

https://locktera.com/legal/locktera-subprocessor-list/

or through other reasonable means of communication, including email notification or updates through the Locktera customer portal.

Customers may review the current Subprocessor list at any time through the Locktera legal portal.

Unless otherwise provided in an applicable agreement, Customer’s continued use of the Services following publication of an updated Subprocessor list constitutes acknowledgment of the updated Subprocessors.

7.1 Subprocessor Objection Right

Where required by applicable data protection laws or contractual commitments, Customers may raise reasonable objections to a newly appointed Subprocessor that processes Personal Data on their behalf. Locktera will review such objections in good faith and may provide an alternative solution or allow the Customer to discontinue the affected Services where reasonably necessary.

8. CUSTOMER QUESTIONS

Customers with questions regarding Locktera’s use of Subprocessors or this Subprocessors Policy may contact Locktera using the following contact information:

privacy@locktera.com

Locktera will use commercially reasonable efforts to respond to inquiries relating to Subprocessor practices, data protection obligations, or Customer Data processing in connection with the Services.

9. CATEGORIES OF SUBPROCESSORS

Locktera may engage Subprocessors that provide services supporting the delivery, operation, security, and administration of the Services. Such Subprocessors may fall within categories including, without limitation:

  • cloud infrastructure and hosting providers;
  • data storage and backup service providers;
  • monitoring, logging, and security infrastructure providers;
  • email, messaging, and notification delivery providers;
  • customer support and service management platforms;
  • operational analytics and diagnostic service providers; and
  • payment processing providers, where applicable.

Not all Subprocessor categories apply to every Locktera service offering, and the specific Subprocessors used may vary depending on the Services provided and the operational requirements of the platform.