Sub-processors
Public list of authorised sub-processors that handle personal data on behalf of Athleex (Art.28(2) GDPR). Updated whenever a vendor is added or changed.
Last updated: 2026-04-26
| Vendor | Purpose | Location | Transfer mechanism |
|---|---|---|---|
| Hetzner Online GmbH | Server infrastructure (app + database hosting) | Germany (EEA) | No extra-EEA transfer |
| Stripe Payments Europe Ltd. | Credit-card payment processing | Ireland (EEA) + USA | EU-US Data Privacy Framework + SCC |
| Resend, Inc. | Transactional email (welcome, invoices, drip) | USA | EU-US Data Privacy Framework certified |
| Meta Platforms Ireland Ltd. | WhatsApp Business + Instagram Graph bridge (only if PT enables it) | Ireland (EEA) | SCC + adequacy decision |
| OpenStreetMap Foundation (Nominatim) | PT address geocoding (latitude/longitude for map) | United Kingdom | UK adequacy decision |
| Google Ireland Limited / Google LLC | Google Analytics 4 (consent-gated) + Google Search Console (SEO) | Ireland (EEA) + USA | EU-US Data Privacy Framework + SCC |
| Apple Inc. | Push notification delivery to iOS / Safari devices (APNs) | USA | EU-US Data Privacy Framework |
When we add or replace a sub-processor we notify customers by email at least 30 days before activation, so they can raise reasoned objections.
Questions or objections: info@athleex.com