Sub-processors.

Infrastructure.

• Hetzner Online GmbH (Germany) — primary hosting provider. Operates the servers that run the application, database, object storage, and background worker. All data at rest within the Hetzner Falkenstein / Nuremberg regions.
• MinIO (self-hosted, EU) — S3-compatible object storage for generated QR images and passport attachments. Runs on the same Hetzner infrastructure; named separately because it is a distinct trust boundary.

Email delivery.

• Resend (Resend, Inc.) — transactional email for magic-link sign-in, trial reminders, billing receipts. Data shared: recipient email address, subject, rendered message body. Standard Contractual Clauses in place.

Billing.

• Stripe Payments Europe, Ltd. (Ireland) — subscription billing, card processing, customer portal. Card data is collected by Stripe directly and never stored by us. Data shared with Stripe: customer email, company name, country, subscription state.

Not sub-processors.

The following touch traffic to the service but do not process personal data in a way that makes them sub-processors under Article 28:

• DNS providers and CDNs that route requests without persisting personal data.
• Font providers loading public typefaces over HTTPS.
• The EU Central Registry (from July 2026) — we send only the passport identifier and canonical URL, no personal data.

How to object.

If you object to a newly-announced sub-processor you may cancel your subscription before the effective date and receive a pro-rata refund for the unused portion of the current period.

Questions on this policy? Use the contact form — or email the team through the details on the contact page.