Updated: 2026-05-04

Sub-processors

This page lists third parties that process customer personal data on Sylphx's behalf to deliver the platform. Customers receive 30 days' notice of material additions or replacements.

Definition

A sub-processor is a third party that processes customer personal data on Sylphx's behalf. This does not include third parties selected by a customer to front or operate their own app.

Active sub-processors

Hetzner Online GmbH

EU (DE)

Service
Managed service runtime hosting (FSN1 datacenter, Falkenstein DE)
Data processed
Customer data at rest and in transit through the service runtime
Contract
DPA executed; SOC 2 Type II inherited

Cloudflare, Inc.

Global edge

Service
Edge + DDoS protection for *.sylphx.com and *.api.sylphx.com
Data processed
Request metadata only — no customer data persists at the edge
Contract
DPA executed

Stripe, Inc.

US (with EU sub-processors per Stripe DPA)

Service
Billing + payment processing
Data processed
Cardholder data (Stripe is the controller); customer-of-Sylphx billing-contact metadata
Contract
DPA executed; PCI DSS Level 1 inherited

Resend, Inc.

US

Service
Transactional email delivery (auth flows, webhook receipts, invoices)
Data processed
Recipient email + message body
Contract
DPA executed

GitHub, Inc.

US (with EU regions for Actions)

Service
Source-code hosting + Actions runners
Data processed
Sylphx-internal code (no customer data) — listed for completeness
Contract
Standard GitHub Enterprise terms

Pending / proposed

Sentry (Functional Software, Inc.)

Error-tracking sink for level >= error log lines

Wired but inactive; no DSN provisioned

Tempo / Loki / Mimir (Grafana Labs OSS — self-hosted)

Distributed tracing + log warehouse

Self-hosted, no third-party sub-processor relationship

Customer rights

  • Request the current list of sub-processors at any time.
  • Object to a new sub-processor within 30 days of notification.
  • Request executed DPA evidence for a sub-processor under NDA.

Email [email protected] for notifications or requests. See also the security overview.