Subprocessors #
Subprocessors are third parties that process personal data on behalf of EthicsPortal when EthicsPortal acts as processor for operator-organizations (controllers). This list is published per Article 28(2) GDPR and the Data Processing Agreement.
Last updated: 2026-04.
Current subprocessors #
| Subprocessor | Jurisdiction | Purpose | Data categories |
|---|---|---|---|
 Hetzner Online GmbH | 🇩🇪 Germany (EU) | Server, database hosting, and file attachment storage | All application data: reports, handler identity, messages, audit logs; uploaded attachments (metadata stripped before upload) |
 Cloudflare, Inc. | 🇺🇸 United States | Marketing-site CDN and DDoS protection | Visitor IP addresses and request headers for marketing-site requests; cached static assets. No reports, handler data, or account data |
 Mailjet SAS | 🇫🇷 France (EU) | Transactional email delivery | Handler email addresses, access-code notifications, billing emails |
 Stripe Payments Europe, Ltd | 🇮🇪 Ireland (EU) | Subscription billing and payment processing | Operator billing contact, tokenized payment data |
 AppSignal B.V. | 🇳🇱 Netherlands (EU) | Error tracking and application performance monitoring (admin and handler side only) | Stack traces, request metadata; reporter IPs are never logged |
 Crisp IM SARL | 🇫🇷 France (EU) | In-app customer chat for handlers (loaded only in the handler portal); supports operator identity verification (KYC). See note below on reporter privacy. | Handler IP, chat content, operator organization name and contact, identity-verification materials |
Whistleblower reporter privacy. Crisp is loaded only in the handler/admin portal. It is not present on the marketing site or on the whistleblower reporting portal — the surface where reporters submit and follow up on their reports. No Crisp script, cookie, or identifier reaches reporter-facing pages. Reporters are never tracked by Crisp.
No AI or LLM sub-processor. No large language model, generative AI service, or AI-based classifier is a sub-processor of EthicsPortal. Report content, reporter identity, handler messages, and audit logs are not transmitted to OpenAI, Anthropic, Google, Mistral, or any other AI inference provider. This is a product commitment, not a configuration default — see §5 of the Directive coverage map for the legal framing.
Transfers to jurisdictions outside the EU/EEA rely on Standard Contractual Clauses and additional safeguards as detailed in the Data Processing Agreement.
What counts as a subprocessor #
A subprocessor is any third-party service that processes personal data on behalf of EthicsPortal under a written processing agreement. Services appear here only if they receive, store, or transmit personal data. Internal libraries, package registries, and build-time dependencies are not subprocessors.
Notification of changes #
Operators are notified of additions or changes to this list at least 30 days before a new subprocessor begins processing personal data. Objections to a proposed subprocessor may be raised under the Data Processing Agreement.
Questions #
For questions about subprocessor data-handling, contact privacy@ethicsportal.eu .
Last updated: