Legal

Subprocessors

Version 1.0

# Subprocessors

The following third parties process personal data on behalf of the Operator in

order to deliver the Service. Each one is bound by a data-processing agreement in

line with Art. 28 GDPR.

| Subprocessor | Purpose | Region |

| --- | --- | --- |

| Postmark (ActiveCampaign, LLC) | Transactional email delivery (verification, notifications, billing) | USA (SCCs) |

| Stripe, Inc. | Payment processing for paid plans | USA / EU (SCCs) |

| Cloudflare, Inc. | DNS and network security | Global (SCCs) |

| Google LLC | Google OAuth sign-in, only if enabled by the Customer | Global (SCCs) |

The application and its database are hosted on infrastructure operated directly

by the Operator within the European Union; no third-party hosting subprocessor is

involved. Emails sent through an SMTP server configured by the Customer are

transmitted by the Customer's own provider and are outside this list.

Material changes to this list will be announced in-app before they take effect,

and Customers may object for valid data-protection reasons.