Sub-processors
GDPR Article 28 · Last updated: June 2026
TalentX engages the following sub-processors to deliver the service. Each is bound by a
Data Processing Agreement (DPA) requiring GDPR-equivalent safeguards. We will notify
customers of any new sub-processor at least 14 days before it begins processing data.
| Sub-processor | Purpose | Data processed | Location | Safeguard |
|---|---|---|---|---|
| Stripe, Inc. | Payment processing & subscription billing | Organisation owner email, billing identifiers | EU / US | Standard Contractual Clauses |
| Microsoft Corporation (Azure AD) | Single sign-on authentication (opt-in, Corporate/Enterprise plans only) | Azure AD object identifier, authentication tokens | EU (data boundary) | Microsoft EU Data Boundary |
| Email delivery provider (tenant-configured SMTP) | Transactional email delivery (notifications, GDPR confirmations) | Name, email address, notification content | Configured by customer | Customer-selected; customer responsible for own DPA with provider |
| Infrastructure / hosting provider | Application hosting and database storage | All data described in the RoPA | EU/EEA (customer-deployed) or self-hosted | Self-hosted deployments process no data outside the customer's own infrastructure |
Self-hosted (on-premises) TalentX deployments do not transmit personal data to TalentX Ltd. or any sub-processor listed above except where the customer has explicitly configured one (e.g. their own SMTP relay or Azure AD tenant).