Sage HR
VERIFIEDSage Group plc's HR cloud product (formerly CakeHR from Riga, acquired 2019); UK-public parent, modular SMB HR.
Why this score?
Sage HR (originally CakeHR, founded Riga LV 2016) was acquired by Sage Group plc (UK FTSE 100, no US parent) in 2019 and is now part of Sage Business Cloud; ISO 27001 inherited from parent, UK jurisdiction = ownership_signal: other, no material US-PE involvement = cloud_act_exposure: minor; one of the cleanest non-Nordic non-DACH HR options for SMB buyers willing to accept UK jurisdiction.
- SCORE
- 4.0/5
- CLOUD ACT
- CLOUD ACT EXPOSURE
How exposed customer data is to US authorities under the CLOUD Act.
-
None EU operator, no US parent, no US sub-processors of note.
-
Minor This listing A transient US sub-processor (CDN, maps); data at rest stays in the EU.
-
Material US parent, or a core sub-processor is a US-owned hyperscaler.
-
Direct The operator itself is US-incorporated.
-
- OWNERSHIP
- OWNERSHIP
Where ultimate control over the operating company sits.
-
EU-owned EU-incorporated and EU-controlled; no significant US ownership.
-
EU HQ, US-funded EU-headquartered but US venture- or PE-controlled.
-
US-owned US-headquartered, or has a US parent company.
-
Other This listing Swiss, UK or another non-EU jurisdiction.
-
- SUB-PROCS
- — not disclosed
JUMP TO
About Sage HR
Sub-processor map · not disclosed
Frameworks & certifications
Capability matrix
Pricing & tiers
Public documents
-
Open ↗Data Processing Addendum (DPA)www.sage.com/en-gb…
-
missingSub-processors list— missing
Alternatives in this category
French sovereign-cloud HR platform (Nantes / Paris, est. 2002); SecNumCloud + ISO 27001; 1M+ users incl. AXA, Deezer.
- EU / adequacy operator
- EU / adequacy hosting
- No US CLOUD Act exposure
- Third-party certification
- Open-source clients
- Public DPA
- Sub-processors disclosed
How exposed customer data is to US authorities under the CLOUD Act.
-
None This listing EU operator, no US parent, no US sub-processors of note.
-
Minor A transient US sub-processor (CDN, maps); data at rest stays in the EU.
-
Material US parent, or a core sub-processor is a US-owned hyperscaler.
-
Direct The operator itself is US-incorporated.
Spanish HR + payroll + finance SaaS (Barcelona, est. 2016); 16K+ customers, ISO 27001 + SOC 2 + AWS EU, US-VC-funded.
- EU / adequacy operator
- EU / adequacy hosting
- No US CLOUD Act exposure
- Third-party certification
- Open-source clients
- Public DPA
- Sub-processors disclosed
How exposed customer data is to US authorities under the CLOUD Act.
-
None EU operator, no US parent, no US sub-processors of note.
-
Minor A transient US sub-processor (CDN, maps); data at rest stays in the EU.
-
Material This listing US parent, or a core sub-processor is a US-owned hyperscaler.
-
Direct The operator itself is US-incorporated.
Munich-based HR flagship for European SMBs (founded 2015); ISO 27001 + SOC 2 + TISAX; ~$770M US-VC-funded.
- EU / adequacy operator
- EU / adequacy hosting
- No US CLOUD Act exposure
- Third-party certification
- Open-source clients
- Public DPA
- Sub-processors disclosed
How exposed customer data is to US authorities under the CLOUD Act.
-
None EU operator, no US parent, no US sub-processors of note.
-
Minor A transient US sub-processor (CDN, maps); data at rest stays in the EU.
-
Material This listing US parent, or a core sub-processor is a US-owned hyperscaler.
-
Direct The operator itself is US-incorporated.