GAIA APPROVED SUBPROCESSORS

As part of providing services, Socially Recruited Ltd, trading as Gaia ("Gaia"), engages third-party subprocessors to process personal data on behalf of customers. Additionally, Gaia works with independent data controllers for advertising services. This list is regularly updated and available at [www.iamgaia.com/subprocessors].

1. Infrastructure & Hosting Providers

‍Amazon Web Services (AWS)

Cloud hosting, storage & backup

UK

ISO 27001, GDPR, SOC 2

‍Okta (Auth0)

‍Authentication & identity management

UK/EU

ISO 27001, GDPR, SOC 2

2. Ad Platform Providers (Independent Data Controllers)

Meta (Facebook, Instagram, Messenger)

‍AI-driven  advertising

EU/US

GDPR, SCCs

‍LinkedIn

‍AI-driven  advertising

EU/US

GDPR, SCCs

‍Google & YouTube

‍AI-driven  advertising

EU/US

GDPR, SCCs

TikTok

AI-driven  advertising

EU/US

GDPR, SCCs

Snapchat

AI-driven advertising

EU/US

GDPR, SCCs

Pinterest

AI-driven  advertising

EU/US

GDPR, SCCs

‍X (formerly Twitter)

‍AI-driven  advertising

EU/US

GDPR, SCCs

‍Reddit

‍AI-driven  advertising

EU/US

GDPR, SCCs

3. Subprocessor Change Notification

• Customers will be notified at least 30 days in advance of any material subprocessor changes.
• If the Customer reasonably objects to a new subprocessor, Gaia will work with the Customer to find a suitable solution.

4. Compliance & Security

• All subprocessors are required to implement ISO 27001-level security measures.
• Data transfers outside the UK/EU comply with the Standard Contractual Clauses (SCCs, 2021) and UK IDTA.

For the most recent subprocessor list, visit [www.iamgaia.com/subprocessors].

‍