Legal
Subprocessors
We engage the following third parties to help operate IntellibizOps. Each is bound by a Data Processing Agreement (DPA) or equivalent safeguard.
Active sub-processors
| Sub-processor | Purpose | Where | Safeguard | Privacy info |
|---|---|---|---|---|
| Hetzner Online GmbH | Application hosting and primary database (Falkenstein, Germany) | EU | DPA on file, GDPR-aligned | hetzner.com/legal |
| Stripe Payments Europe, Ltd | Subscription billing and payment processing | Ireland (EU) | Stripe DPA | stripe.com/privacy |
| Xero (Ireland) Ltd | Accounting integration — only when you explicitly connect it; data flow is controlled by your Xero permissions | Ireland / UK | Customer-managed connection; Xero DPA | xero.com/about/terms |
| Google LLC | Transactional email delivery (Gmail SMTP) — invite emails, password resets, system notifications | US | EU-US Data Privacy Framework + Standard Contractual Clauses | policies.google.com/privacy |
Planned additions
We will notify registered users by email at least 14 days before adding any new sub-processor. Customers may object to additions before they take effect.
| Planned | Purpose | Where | Status |
|---|---|---|---|
| Anthropic PBC | AI inference (Claude) — currently we run Ollama locally; Anthropic may be added for a higher-quality tier | US | DPF-certified, will sign DPA before activation |
| Encrypted backup provider (TBD) | Off-site backups | EU only | Not yet selected |
Self-hosted components (no third-party data flow)
These components run on our own EU servers and do not constitute sub-processors:
- Ollama — local large language model inference
- PostgreSQL — primary database
- Caddy — HTTPS reverse proxy
Changes
This list is updated whenever a sub-processor is added, removed, or has a change of purpose. The "Last updated" date at the top reflects the most recent change.
Contact
For questions about sub-processors or to request a copy of any DPA: charlesmorrisonbell@gmail.com