Sub-processors

Last updated 1 May 2026 · The current list of third parties that process customer data on our behalf.

What this page is for Under our DPA we publish the current list of sub-processors. We give 30 days' notice before adding or changing one. Subscribe at the bottom of this page to be notified, or check the updatedAt at the top.

How we use sub-processors

Dazr is the prime processor under your DPA. Sub-processors carry out parts of the service on our behalf under written contracts that impose data-protection obligations no less protective than those we owe you. Where a sub-processor is established outside the EU, transfers are governed by the European Commission's Standard Contractual Clauses with supplementary measures appropriate to the data category.

Current sub-processors

The categories below describe the function. Specific provider names and the per-provider DPA references are made available to customers on a Pro or Enterprise subscription on request to privacy@dazr.eu; we don't publish the named providers on the open web because the details vary across our deployment regions and across customer tiers.

Category	What they do	Data categories	Region
EU cloud infrastructure	Compute, edge functions, key-value storage, blob storage for evidence files. Operates the production runtime that serves the portal and the API.	All workspace content (encrypted at rest at the application layer in addition to provider-level encryption); member identities; billing-state mirrors.	EU only
Distributed cache for rate-limit counters	Holds short-TTL counters that throttle public endpoints and the admin login.	Hashed IP addresses and email addresses; counter values. No workspace content.	EU
Payment processor	Card collection, mandate management, recurring billing for Pro and Enterprise.	Billing contact, VAT id, invoice address, payment-state metadata. No card data ever touches our servers.	EU (Netherlands)
Transactional email	Sign-in codes, member-invite emails, auditor-invite emails, notification emails (assignment, reminder, escalation), Enterprise lead acknowledgements.	Recipient email; subject; HTML body for the duration of delivery.	EU
Customer support tooling	Incoming support email and Enterprise-lead inbox routing.	Whatever the sender includes in the email. Tickets retained 24 months from last activity.	EU

What we don't use

We do not use:

Web analytics products (Google Analytics, Plausible, Amplitude, Mixpanel, etc.).
Advertising networks or any third-party trackers.
Customer-data-platform tools that would replicate workspace data into a marketing tool.
AI / LLM providers for processing customer content. Workspace content is not sent to a model.
Crash-reporting services that would receive workspace content. Server-side errors are logged inside our own infrastructure.

Affiliates

We have no group affiliates that process customer data on our behalf today. If that changes we'll list them here.

Changes

We will give workspace owners at least 30 days' written notice before adding a new category of sub-processor or replacing a provider in an existing category. Notice goes to the workspace owner email on file and to the subscription list below. The DPA explains the customer's right to object on reasonable data-protection grounds.

Subscribe to changes

To get notified when this list changes, email privacy@dazr.eu with the subject "Subscribe to sub-processor changes" and the workspace ID. We'll add you to the announcement list. Unsubscribe any time.

Contact

Privacy / DPA matters: privacy@dazr.eu
Security incidents: security@dazr.eu