We use the following third-party service providers ("sub-processors") to deliver the Service. Each sub-processor is bound by a written agreement containing data protection terms equivalent to those in our Privacy Policy and consistent with Article 28 of GDPR.
We review this list periodically and update it when sub-processors are added, removed, or materially changed. If you have an active subscription you may subscribe to receive notice of changes by emailing support@astronalgo.com.
Current Sub-processors
| Sub-processor | Purpose | Data categories | Processing location | Safeguards |
|---|---|---|---|---|
| Contabo GmbH | VPS hosting and infrastructure for the Service. | All hosted data, server logs, IP addresses. | Germany (EU) | EU controller; GDPR-compliant DPA. |
| Cloudflare, Inc. | DNS, CDN, DDoS protection (where applicable). | IP addresses, request metadata, edge logs. | United States (global edge) | EU SCCs (2021/914); data processing addendum. |
| Google LLC (Google Analytics 4) | Aggregate web analytics, loaded only with user consent. | Pseudonymous device identifier, IP (anonymised), interaction events. | United States | EU SCCs; IP anonymisation enabled; user consent required. |
| Authentication provider | User authentication, account state, and session management. | Email, hashed password, session tokens, account metadata. | EU/US | DPA in place; EU SCCs where applicable. |
| Payment Provider (Merchant of Record) | Subscription billing, payment processing, tax handling, invoicing. | Billing email, plan, subscription state, last 4 digits of card. | United States | PCI-DSS compliant; EU SCCs; MoR handles tax and consumer compliance. |
| Email delivery provider | Transactional emails (account, security, billing notifications). | Email address, message content. | EU/US | DPA; EU SCCs where applicable. |
Notes
- Specific vendors for authentication, payment, and email delivery may evolve as we integrate the production stack; we will update this page accordingly.
- We do not authorise sub-processors to use personal data for their own purposes or to sell it.
- International transfers are protected by EU Standard Contractual Clauses (2021/914) and equivalent safeguards under KVKK Article 9 and UK GDPR.
Contact
Questions about our sub-processors: support@astronalgo.com.