Subprocessors
Last updated: 23 May 2026
This page lists the current categories of third-party subprocessors that may process personal data on behalf of LocalLeads. Each subprocessor is bound by written terms requiring confidentiality, security and processing only on our instructions, consistent with our Privacy Policy and Data Processing Addendum.
We publish the categories of subprocessors here so that prospective customers, regulators and data subjects can understand how their data is handled at a structural level. The specific named list of subprocessors — including each provider's legal identity, principal place of processing and the contractual safeguards we have in place — is provided to customers under the Data Processing Addendum on request and subject to confidentiality. This is consistent with industry practice for business-to-business SaaS where the named composition of the supply chain is commercially sensitive.
We will update this page when we add or remove a category of subprocessor. Customers on plans that include subprocessor change notifications are notified by email in advance of material changes to the named list.
| Category | Purpose | Processing region | Data categories |
|---|---|---|---|
| Data-sourcing partners | Retrieval of publicly available business information used to populate the LocalLeads index (public directories, public business profiles, public websites). | Global | Search queries; URLs requested; public business listing fields returned by the source. |
| Transactional email infrastructure | Delivery of account, security, billing and product-event email (e.g. receipts, password resets, export-ready notifications). | Outside India | Recipient email address, name, email body, delivery and engagement metadata. |
| Payment processors | Authorisation, settlement and refunds for subscriptions and credit-pack purchases. Operate under PCI DSS. | India and outside India, depending on the customer's selected payment method | Billing name, email, transaction amount and metadata. Card / instrument data is processed by the payment processor directly and is not stored by LocalLeads. |
| Customer-support tooling | Live-chat and email-based customer support, ticketing and knowledge-base search. | Outside India | Name, email, conversation content, page and device metadata associated with a support session. |
| Application monitoring and error tracking | Operational observability: performance metrics, error traces, structured server logs. | Outside India (with EU regions available) | Server-side log lines, error traces, request metadata, IP, user agent, anonymised user identifiers. |
| Single sign-on providers | Optional authentication via the customer's existing identity provider. | Outside India | Profile name, email and provider account identifier returned to LocalLeads at sign-in. |
| AI infrastructure providers | Inference and reasoning for in-product AI features (search assistance and AI-agent capabilities). | Outside India | Customer-submitted prompts and the contextual data the customer chooses to include in those prompts. |
| Content-delivery, edge security and DNS providers | DNS resolution, content delivery, denial-of-service mitigation, web-application firewall. | Global edge | Request IP, headers, basic security telemetry. |
| Cloud hosting, database and object-storage providers | Application compute, database, cache and queue infrastructure. Encrypted at rest where supported by the provider. | India and / or outside India, depending on the workload | All customer account data, customer-submitted configuration, and the cached lead-data index. |
Requesting the named list
Customers and prospective customers can request the current named list of subprocessors, along with the applicable contractual safeguards and copies of relevant Standard Contractual Clauses, by contacting privacy@postorbit.io from a verifiable business email address. Disclosure is provided under a mutual confidentiality undertaking incorporated into the Data Processing Addendum.
Questions or objections
If you have questions about our subprocessors, would like a copy of the applicable contractual safeguards, or wish to object to a particular subprocessor, contact us at privacy@postorbit.io.