Sub-Processors
Third-party service providers who process personal data on our behalf
Last updated: January 2, 2026
What are Sub-Processors?
Sub-processors are third-party companies that we engage to help us provide our services. These companies may process personal data on our behalf, subject to our instructions and in accordance with applicable data protection laws.
We maintain contracts with all sub-processors that include data protection obligations consistent with GDPR requirements.
Current Sub-Processors
The following is a list of sub-processors we currently use:
| Sub-Processor | Purpose | Data Processed | Location |
|---|---|---|---|
| OVHcloud | Cloud Infrastructure & Hosting | All customer data stored on our platform | European Union (France) |
| PostgreSQL (Self-hosted) | Database Storage | All structured customer data | European Union (via OVHcloud) |
| Stripe | Payment Processing | Payment information, billing address, email | United States (EU-US Data Privacy Framework) |
| Mailgun (planned) | Transactional Email | Email address, name | European Union |
Infrastructure Components
The following open-source tools are used within our infrastructure (self-hosted, no external data transfer):
- Docker - Container runtime for security scanning tools
- Nmap - Network scanning tool
- Nuclei - Vulnerability scanner
- Trivy - Container security scanner
- OWASP ZAP - Web application security scanner
These tools run entirely within our EU-based infrastructure and do not transmit data to external parties.
Data Transfer Safeguards
For any sub-processors located outside the European Economic Area (EEA), we ensure appropriate safeguards are in place:
- EU-US Data Privacy Framework certification (where applicable)
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Binding Corporate Rules where available
Changes to Sub-Processors
We will notify customers of any intended changes to our sub-processors by updating this page. Customers who have subscribed to our service updates will receive email notification of material changes.
Customers have the right to object to the engagement of a new sub-processor by contacting us within 30 days of notification.
Contact Us
If you have questions about our sub-processors or data processing practices, please contact our Data Protection Officer:
Email: dpo@secure7.com
Address: Secure7 Innovations Sp. z o.o., ul. Erazma Ciołka 17/304, 01-445 Warszawa, Poland