To provide the platform, Pladsly works with the following sub-processors. With every sub-processor we have a data processing agreement in place under Art. 28 GDPR and, where required for third-country transfers, standard contractual clauses under Art. 46 GDPR and/or a DPF certification.
This list is kept up to date. We notify you by email at the address stored in your account about material changes.
| Sub-processor | Location / configuration | Data processed | Purpose | Legal basis |
|---|---|---|---|---|
| Vercel Inc. (Hosting) | Primary Frankfurt (EU), USA as failover | Hosting content, server logs | Platform delivery | EU region primary, EU-US DPF + SCCs |
| Vercel Inc. (Workflows) | USA (iad1, region not configurable) | Exclusively product-related data and image references — no personal data | Orchestration of the AI pipeline for product images | EU-US DPF + SCCs |
| Vercel Inc. (Analytics) | EU-aware, cookieless | Aggregated, anonymous usage statistics | Reach measurement | Data minimisation by design |
| Vercel Inc. (Blob Storage) | Frankfurt (EU) | Uploaded product images | Image storage | EU region |
| MongoDB Inc. (Atlas) | Frankfurt (EU) | Database contents (identity- and business-layer data) | Database hosting | EU region + Atlas DPA + SCCs |
| Resend (Resend Inc.) | USA | Email content and recipient addresses | Sending transactional emails | EU-US DPF + Resend DPA + SCCs |
| Google LLC (Vertex AI) | Frankfurt (europe-west3) or the Netherlands (europe-west4) | Product images (no personal data per AUP) and derived analyses | AI-supported product enrichment | EU region + Google Cloud DPA + DPF |
| Stripe Payments Europe Ltd. / Stripe Inc. | Ireland / USA | Payment and identity data of the payer | Payment processing (Stripe is an independent controller) | EU-US DPF + Stripe DPA + SCCs |
Questions about sub-processors or about the specific third-country transfer documentation: datenschutz@pladsly.app
Full privacy policy: pladsly.app/privacy