Lookback is complying with the EU General Data Protection Regulation (GDPR) both as a controller and as a processor.
Our Service Agreement contains the necessary provisions for customers to engage us as a processor. There is no need to sign a Data Protection Addendum for that purpose (if you need a DPA for any other reason we offer that on our enterprise plan).
If you are interested in what we do to keep your data safe we have detailed that on our security page where you can get an overview, or download our security whitepaper for more details.
We store most of your data in the EU. For cases where it's transfered outside of the EU Lookback has self-certified for the EU-US Privacy Shield.
You can find a list of our processors and sub-processors here.