Back to main

Sub-Processor List (LTplus AG – QTOpro)

Below is a current list of sub-processors (third-party service providers) that LTplus AG uses to deliver the QTOpro service. These companies may process personal data of our users or our users' end data on our behalf. We disclose their details in the interest of transparency and data protection compliance. For each sub-processor, we list the purpose, the types of data they handle, and their primary location.

(Last updated: Sept. 2 2025)

  • Clerk, Inc. – Purpose: Authentication and user management platform. Handles user login, registration, and session management for QTOpro. Data Processed: User identifiers (such as email, user ID), authentication credentials (like password hashes or magic link tokens), and metadata like last login time. Location: USA. (Clerk is certified under the EU-U.S. and Swiss-U.S. Data Privacy Framework, ensuring lawful data transfers from Europe/Switzerland to the U.S. They also offer a Data Processing Addendum – see Clerk's website.)
  • Stripe Payments Europe, Ltd. (and Stripe, Inc.) – Purpose: Payment processing for subscriptions and billing. Data Processed: Contact and billing details (name, email), payment method information (credit card tokens, etc.), transaction amounts, and subscription status. Location: Ireland (Stripe's European entity) and United States (Stripe, Inc.). (Stripe's services involve global infrastructure; personal data may be transferred to the U.S. under Standard Contractual Clauses. Stripe publishes a list of its own sub-processors and has a comprehensive DPA available on their website.)
  • Vercel, Inc. – Purpose: Cloud hosting and deployment of the QTOpro web application; also provides edge network and analytics. Data Processed: All data stored in or transmitted via QTOpro (this includes user account info, uploaded IFC files during processing, API requests, and logs). Location: Primarily USA (Vercel is a US-based company). However, data may transit globally via CDN. (Protected by Standard Contractual Clauses for EU/Swiss data. Vercel maintains high security standards and a GDPR-compliant DPA.)
  • PostHog, Inc. – Purpose: Product analytics to help us improve QTOpro's user experience. Data Processed: Usage events (e.g. page views, feature clicks), device and browser info, and an anonymous user identifier. We strive to avoid sending personally identifiable data to PostHog; the focus is on aggregated behavior. Location: USA (with options for EU hosting; if self-hosted by us, it may reside in EU servers). (Data transfers from the EU, if any, are covered by SCCs. PostHog offers a GDPR-compliant DPA and supports self-hosting which we utilize for better privacy.)
  • Email Sending Service (e.g., SendGrid or similar) – Purpose: Sending transactional emails (such as account verification emails, passwordless login links, subscription confirmations, and notifications). Data Processed: Email addresses of users and email content (which might include your name and details of the transaction or support message). Location: USA (with global delivery infrastructure). (Covered by SCCs for EU data; our email provider has a GDPR-compliant DPA as well.)
  • [Optional] Backup Storage / Server Provider (if distinct from above) – Purpose: Secure backup storage for databases and user data, for disaster recovery. Data: Encrypted backups of our database, which contain user account info and any stored data. Location: e.g., European Union (Frankfurt, Germany) for primary backup; secondary copies in a different region (U.S.) for redundancy. (Transfers are under SCCs as needed. Data remains encrypted and inaccessible to the storage provider.)

Sub-Processor Change Management: We evaluate all sub-processors for security and privacy standards before engagement. We will update this list promptly when we add or change any sub-processor that handles personal data. Major changes will be communicated to customers (e.g., via email or in-app notification) as needed, especially if you have a Data Processing Addendum with us that gives you an opportunity to object.

If you have questions or concerns about any of these sub-processors, please contact us at support@lt.plus. We can provide links to the privacy documentation or Data Processing Agreements of these providers upon request.