§ // Legal
List of sub-processors
// Last updated : 2026-05-25
In accordance with Article 28 of the GDPR, here is the exhaustive list of sub-processors with access to user data.
| Sub-processor | Purpose | Region | DPA |
|---|---|---|---|
| Stripe Payments Europe Ltd | Payment processing (Stripe Checkout + Customer Portal). | IE / US | View DPA |
| Sendinblue / Brevo SAS | Transactional email delivery (verification, alerts, reports). | FR | View DPA |
| Cloudflare, Inc. | CDN, DDoS protection, DNS. | EU / US | View DPA |
| AWS Europe (Frankfurt) | Object storage for generated PDFs. | DE | View DPA |
| Sentry / Functional Software, Inc. | Backend and SPA error tracking. | US | View DPA |
Any new sub-processor will be communicated to customers by email 30 days before it takes effect.