LegalPrizm - Legal Practice Management

Effective Date: September 21, 2025

VUGA Enterprises LLC d/b/a LegalPrizm ("LegalPrizm," "we," "us," or "our") engages third-party sub-processors to assist in providing our Service, including our website, mobile applications, and related services (collectively, the "Service"). This document lists the sub-processors that may process personal data on our behalf, as referenced in our Privacy Policy (https://legalprizm.com/privacy) and Data Processing Agreement (https://legalprizm.com/dpa).

1. SUB-PROCESSORS

The following sub-processors are engaged by LegalPrizm:

Sub-Processor	Purpose	Data Processed	Jurisdiction	Compliance Measures
Amazon Web Services, Inc.	Cloud hosting and storage	Encrypted user data, logs, documents	USA	ISO 27001, SOC 2, GDPR-compliant DPA
MongoDB Atlas (MongoDB, Inc.)	Database hosting	Encrypted case data, client information, documents	USA	ISO 27001, SOC 2, GDPR-compliant DPA
Cloudflare, Inc.	CDN and DDoS protection	IP addresses, traffic data	USA	ISO 27001, SOC 2, GDPR-compliant DPA
Stripe, Inc.	Payment processing	Billing information, transaction data	USA	PCI DSS, GDPR-compliant DPA
SendGrid (Twilio Inc.)	Email delivery	Email address, communication content	USA	ISO 27001, GDPR-compliant DPA
Datadog, Inc.	Error tracking and monitoring	Usage data, error logs	USA	SOC 2, GDPR-compliant DPA
Intercom, Inc.	Customer support	Support tickets, user communications	USA	SOC 2, GDPR-compliant DPA

2. UPDATES TO SUB-PROCESSORS

We may update this list to reflect changes in our sub-processors. We will notify you of new sub-processors at least 14 days in advance via email or in-Service announcement. You may object to a new sub-processor within 7 days by emailing [email protected]. If an objection cannot be resolved, you may terminate your account as per the Terms of Service.

Notification Process

We identify a new sub-processor for our Service
We send notification at least 14 days before engagement
You have 7 days to object via email to [email protected]
If unresolved, you may terminate your account without penalty

3. COMPLIANCE

All sub-processors are bound by data protection agreements that meet the requirements of Applicable Data Protection Laws, including GDPR and UK GDPR. We conduct due diligence to ensure their security and compliance standards align with ours.

Our Due Diligence Process

Review security certifications (SOC 2, ISO 27001, etc.)
Execute GDPR-compliant Data Processing Agreements
Verify compliance with applicable privacy laws
Conduct regular security assessments
Monitor for security incidents and breaches
Review and update agreements annually

Required Compliance Standards

All sub-processors must maintain:

Security Certifications: SOC 2 Type II or equivalent
Data Protection: GDPR-compliant Data Processing Agreements
Encryption: Data encrypted in transit and at rest
Access Controls: Role-based access with audit logging
Incident Response: 24-hour breach notification
Geographic Restrictions: Data residency requirements

4. DATA RESIDENCY

Customer data is primarily processed and stored in the United States. For customers in the European Economic Area (EEA) or United Kingdom (UK), we ensure adequate protection through:

Standard Contractual Clauses (SCCs) approved by the European Commission
Supplementary measures to ensure data protection equivalent to EU standards
Regular assessment of the legal environment in third countries
Data localization options for Enterprise customers (available upon request)

5. SUB-PROCESSOR CHANGES

Recent Changes

No recent changes to report. This section will be updated when sub-processors are added, removed, or modified.

Change Log

Date	Change Type	Sub-Processor	Description
September 21, 2025	Initial	All Listed	Initial publication of sub-processors list

6. YOUR RIGHTS

As a customer, you have the following rights regarding sub-processors:

Notification: Receive advance notice of new sub-processors (14+ days)
Objection: Object to new sub-processors within 7 days
Termination: Terminate service if objections cannot be resolved
Audit: Request information about sub-processor compliance
Data Requests: Exercise data subject rights through us

7. CONTACT US

Data Protection Officer

For questions about our sub-processors, data processing, or to exercise your rights:

VUGA Enterprises LLC d/b/a LegalPrizm
Address: 18117 Biscayne Blvd Unit 1039, Aventura, FL 33160, United States
Email: [email protected]
Phone: 786-967-6544

Response Times

• Sub-processor objections: Acknowledged within 2 business days
• General inquiries: Response within 5 business days
• Data subject requests: Processed within 30 days (per GDPR)
• Security incidents: Notification within 72 hours

Commitment to Transparency

We are committed to maintaining transparency about our sub-processors and data processing practices. This list is regularly updated to reflect our current sub-processor relationships and any changes to our data processing arrangements.

Sub-processors List