Sub-processors
Last updated: 2026-04-27
Up-to-date list of sub-processors per art. 28 GDPR. All extra-EU transfers comply with the EU-US Data Privacy Framework Adequacy Decision and/or SCC 2021/914. Technical supplementary measures are documented in our Transfer Impact Assessment, available on request.
| Sub-processor | Function | Data categories | Location | Transfer basis |
|---|---|---|---|---|
| Vercel | Hosting + edge runtime | Request log, IP, user-agent | USA (edge global) | EU-US DPF + SCC |
| Neon | Database PostgreSQL gestito | Tutti i dati applicativi (PII + business) | EU (FRA-1) | EU-only |
| Cloudflare R2 | Storage file ECU cifrati | Binari ECU cifrati (AEAD app-level) | EU (FRA) | EU-US DPF + SCC |
| Clerk | Autenticazione admin | userId, email admin, sessione | USA | EU-US DPF + SCC |
| PayPal (Orders v2) | Pagamenti one-shot ordini B2C | Nome, indirizzo billing, email, importo | USA + EU | EU-US DPF + SCC |
| PayPal (Subscriptions/Billing) | Sottoscrizioni B2B ricorrenti (subscribers) | Email subscriber, ragione sociale, indirizzo billing, importo, schedule ricorrenza | USA + EU | EU-US DPF + SCC |
| Resend | Email transazionali | Email destinatario, contenuto messaggio | EU (Irlanda) | EU-only |
| Twilio | SMS / WhatsApp (opzionale) | Telefono, contenuto messaggio | USA + EU | EU-US DPF + SCC |
| Inngest | Job queue async | orderId, fileId, event payload (no PII) | USA | SCC 2021/914 Module 2 |
For data protection queries or to exercise your GDPR rights (arts. 15-22), email info.techmatik@gmail.com.