Effective 2026-05-12. This page is the canonical public list referenced in our Terms of Service. For the full DPA context, see our legal centre.
PipSync uses the vendors below as subprocessors (processors under Art. 28 GDPR) where they process personal data on our behalf. We provide at least 30 days' notice before adding or changing any subprocessor that handles personal data, unless a replacement is required for security or by law on shorter notice.
DPA & subprocessors (full section) · Legal centre · [email protected]
| Processor | Role | Location | Third-country | Safeguards (summary) |
|---|---|---|---|---|
| Hetzner Online GmbH | Cloud hosting, database, object storage | Germany (nbg1, Nuremberg) | No | EU / EEA processing; Art. 28 DPA on request |
| Stripe Payments Europe Ltd. / Stripe, Inc. | Subscription billing and payment processing | Ireland (contracting) — group processing may involve the United States | Yes | EU Standard Contractual Clauses (Commission Implementing Decision 2021/914) and Stripe data processing agreement; where applicable the EU–US Data Privacy Framework self-certification |
| Resend, Inc. | Transactional email delivery | Germany / EU region where offered — verify current data residency in vendor docs | Yes | Vendor DPA + SCCs as offered by Resend; contact [email protected] for the current transfer mechanism summary |
| Grafana Labs | Metrics and logs (PII-stripped operational telemetry) | Grafana Cloud EU stack where configured | Yes | Vendor DPA and SCCs as per Grafana Cloud terms; configuration targets EU region |
| OpenAI, LLC | LLM-based signal/message parsing (content minimised; no marketing profiling) | United States | Yes | EU Standard Contractual Clauses (2021/914) and OpenAI DPA / enterprise terms as applicable |
| Anthropic, PBC | LLM-based signal/message parsing (content minimised; no marketing profiling) | United States | Yes | EU Standard Contractual Clauses (2021/914) and Anthropic commercial DPA as applicable |