International Transfers (SCCs)
How we address cross-border data transfers and provide appropriate transfer mechanisms where applicable. This page summarizes our approach;
the specific mechanism used depends on customer deployment and data residency needs.
Last updated: December 16, 2025
Overview
Customers may use Workplace.io across regions. Where personal data is transferred from the EEA/UK/Switzerland to other jurisdictions,
we support appropriate transfer mechanisms as required, including Standard Contractual Clauses (SCCs) where applicable.
Practical scope
Transfer requirements depend on where customer users and systems are located and where the service is hosted. We coordinate with customers
during procurement to meet contractual and compliance requirements.
How SCCs fit into our contracts
SCCs are typically incorporated through the Data Processing Addendum (DPA) when required. If your organization requires SCCs,
we will provide the relevant documentation during procurement.
Subprocessors and transfers
Subprocessors may process data in different regions depending on configuration. We document key subprocessors and coordinate appropriate
contractual commitments for subprocessors where required.
Security measures supporting transfers
Transfer mechanisms are supported by security controls that reduce exposure risk. Workplace.io applies encryption in transit and at rest,
access controls, and logging/monitoring to support confidentiality and integrity.
- Encryption: TLS for data in transit and encryption at rest in hosting environments.
- Access controls: workspace membership and role-based restrictions for administrative actions.
- Data minimization: message content processed briefly; derived metadata and aggregated results retained.
How to request SCCs
If your procurement or legal team requires SCCs, contact us with your preferred contracting flow and jurisdiction scope.
We will coordinate the appropriate documentation.