Last updated: 4 May 2026
Below is the complete list of third parties Complira uses to process personal data on behalf of customers, as referenced in our Data Processing Agreement. We notify customers at least 30 days before adding or replacing a sub-processor and you may object by writing to support@complira.be.
| Provider | Purpose | Data processed | Processing location | Transfer safeguard |
|---|---|---|---|---|
| Stripe Payments Europe Ltd / Stripe Inc. | Payment processing, subscription billing, tax/VAT collection | Customer name, email, billing address, VAT number, payment method tokens (cards never stored on Complira) | Ireland (EU) and United States | EU Standard Contractual Clauses (2021/914) under Stripe's Data Processing Agreement |
| Hetzner Online GmbH | Application hosting and database infrastructure | All application data while in transit and at rest on the server (encrypted at rest) | Falkenstein, Germany (EU) | EU-only; no transfer outside EEA |
| Scaleway SAS | Object storage for evidence files and encrypted database backups | Evidence files uploaded by customers; nightly encrypted PostgreSQL backups | Amsterdam, Netherlands (EU) | EU-only; no transfer outside EEA |
| Zoho Corporation B.V. | Outbound transactional email (account confirmation, password reset, team invitations, support replies) | Recipient email address, email contents (e.g. invitation link, reset token, support thread) | European Union (smtp.zoho.eu) | EU-only; no transfer outside EEA |
| Functional Software Inc. (Sentry) | Error monitoring and performance tracing (5% sample rate) | Stack traces, request URL and parameters (PII filtered), authenticated user ID, IP address (truncated) | United States | EU Standard Contractual Clauses (2021/914) under Sentry's Data Processing Agreement |
| Cloudflare, Inc. | Authoritative DNS for complira.be (DNS resolution only - no traffic proxying or content delivery) | DNS query metadata (IP of resolver, requested hostname); no application traffic | Global anycast network | EU Standard Contractual Clauses (2021/914) under Cloudflare's Data Processing Addendum |
| Docker, Inc. | Private container registry for application deployment images | Application binary images (no customer personal data is included in images) | United States | EU Standard Contractual Clauses (2021/914); images contain no personal data |
We do not use Google Analytics, advertising pixels, or any third-party tracker. our internal traffic analytics are stored in our own EU-hosted PostgreSQL database with IP masking enabled. See our Cookie Policy for details.