Factorial
VERIFIEDSpanish HR + payroll + finance SaaS (Barcelona, est. 2016); 16K+ customers, ISO 27001 + SOC 2 + AWS EU, US-VC-funded.
Why this score?
Factorial (Barcelona ES, founded 2016) is ISO 27001 + SOC 2 Type II certified with AWS EU hosting and 16,000+ customers; cap table includes Tiger Global, CRV, General Catalyst, GGV (all US VCs) plus Atomico (UK) and Creandum (EU) — material US-VC funding flips signal to eu_hq_us_funded and creates CLOUD Act influence.
- SCORE
- 3.0/5
- CLOUD ACT
- CLOUD ACT EXPOSURE
How exposed customer data is to US authorities under the CLOUD Act.
-
None EU operator, no US parent, no US sub-processors of note.
-
Minor A transient US sub-processor (CDN, maps); data at rest stays in the EU.
-
Material This listing US parent, or a core sub-processor is a US-owned hyperscaler.
-
Direct The operator itself is US-incorporated.
-
- OWNERSHIP
- OWNERSHIP
Where ultimate control over the operating company sits.
-
EU-owned EU-incorporated and EU-controlled; no significant US ownership.
-
EU HQ, US-funded This listing EU-headquartered but US venture- or PE-controlled.
-
US-owned US-headquartered, or has a US parent company.
-
Other Swiss, UK or another non-EU jurisdiction.
-
- SUB-PROCS
- — not disclosed
JUMP TO
About Factorial
Sub-processor map · not disclosed
Frameworks & certifications
Capability matrix
Pricing & tiers
Public documents
-
missingData Processing Addendum (DPA)— missing
-
missingSub-processors list— missing
Alternatives in this category
French sovereign-cloud HR platform (Nantes / Paris, est. 2002); SecNumCloud + ISO 27001; 1M+ users incl. AXA, Deezer.
- EU / adequacy operator
- EU / adequacy hosting
- No US CLOUD Act exposure
- Third-party certification
- Open-source clients
- Public DPA
- Sub-processors disclosed
How exposed customer data is to US authorities under the CLOUD Act.
-
None This listing EU operator, no US parent, no US sub-processors of note.
-
Minor A transient US sub-processor (CDN, maps); data at rest stays in the EU.
-
Material US parent, or a core sub-processor is a US-owned hyperscaler.
-
Direct The operator itself is US-incorporated.
Sage Group plc's HR cloud product (formerly CakeHR from Riga, acquired 2019); UK-public parent, modular SMB HR.
- EU / adequacy operator
- EU / adequacy hosting
- No US CLOUD Act exposure
- Third-party certification
- Open-source clients
- Public DPA
- Sub-processors disclosed
How exposed customer data is to US authorities under the CLOUD Act.
-
None EU operator, no US parent, no US sub-processors of note.
-
Minor This listing A transient US sub-processor (CDN, maps); data at rest stays in the EU.
-
Material US parent, or a core sub-processor is a US-owned hyperscaler.
-
Direct The operator itself is US-incorporated.
Munich-based HR flagship for European SMBs (founded 2015); ISO 27001 + SOC 2 + TISAX; ~$770M US-VC-funded.
- EU / adequacy operator
- EU / adequacy hosting
- No US CLOUD Act exposure
- Third-party certification
- Open-source clients
- Public DPA
- Sub-processors disclosed
How exposed customer data is to US authorities under the CLOUD Act.
-
None EU operator, no US parent, no US sub-processors of note.
-
Minor A transient US sub-processor (CDN, maps); data at rest stays in the EU.
-
Material This listing US parent, or a core sub-processor is a US-owned hyperscaler.
-
Direct The operator itself is US-incorporated.