the full list
Sub-processors
Last updated: July 11, 2026
We tell people to ask every analytics vendor for its sub-processor list before writing "no US exposure" in a compliance document. That includes us. Here is ours, in full, with the distinction that actually matters: what touches your visitors' data, and what touches our own operations.
1. Your visitors' data: it never leaves the EU
Every analytics event we collect for you is stored and processed in Germany, on our own database engines. No US company holds it, and no transfer mechanism is needed for it.
| Provider | What it does | Where |
|---|---|---|
| Hetzner Online GmbHEUAll analytics data. We run our own database engines on these servers: no managed third-party database is in the path. | Hosting (servers, ClickHouse, Postgres) | Germany (EU) |
| Cloudflare, Inc.non-EUPassing traffic only (TLS termination, DDoS protection). No analytics data is stored there. Cloudflare is a data processor for the request metadata it necessarily sees. | CDN and DNS in front of our domains | US company, EU edge |
2. Our own operations: yes, there are US vendors
Like every SaaS on earth, we bill customers and we send emails. These vendors see the email address of a Datalenk customer, never the data of that customer's visitors. Where a provider processes data outside the EU, we rely on the EU Standard Contractual Clauses. We would rather name them than let you discover them.
| Provider | What it does | Where |
|---|---|---|
| Stripe, Inc.non-EUThe billing details of Datalenk customers (not their visitors). Stripe never receives visitor data. | Billing (our own subscriptions) | US / Ireland |
| Amazon Web Services (SES)non-EUThe email address of a Datalenk customer, and the subject of the email we send them. Never visitor data. | Transactional email relay | US / EU region |
| Brandfetchnon-EUA domain name (for example stripe.com) to fetch a logo, requested server-side. Your visitors' browsers never contact them, and no visitor data is sent. | Brand logos in the dashboard | Switzerland / US |
| thum.ionon-EUA page URL, only if you switch the screenshot on. It is opt-in and off by default, precisely because it is the one place a page of yours would leave our infrastructure. | Page screenshots behind heatmaps | US |
What we do not use
No advertising network, no data broker, no analytics-on-our-analytics, no session-recording SaaS, and no LLM provider in the path of your data (the AI insights feature is off, and if we ever turn it on, this page says so first, and you get to say no).
Changes
We update this page before a new sub-processor starts handling data, not after. Questions, or a compliance review that needs more detail? Email [email protected]. See also our Data Processing Agreement and our Privacy Policy.