Sub-processors and data flow.
This register lists the external providers that may process BleedWatch customer data, the purpose for each provider, the categories of data involved, and the region or transfer mechanism in use.
Advance notice before processor changes.
We notify customers at least 30 days in advance of any new sub-processor or material change in sub-processor scope. Notification includes the provider, purpose, data category, region, transfer mechanism, and objection window.
Subscribe to changes
RSS change feed
Current providers by processing purpose.
The table is intentionally explicit. Optional integrations only process data when the customer connects that integration.
| Sub-processor | Purpose | Data categories | Region | DPA in place | Active since |
|---|---|---|---|---|---|
| Hetzner Online GmbH | Primary infrastructure | All customer data, scans, assets, findings, queues, and database storage | EU (Germany) | SCC + GDPR | 2025-09 |
| Cloudflare Inc | KMS proxy, DNS, DDoS protection, edge routing | Encrypted master-key mediation, DNS records, edge request telemetry | EU edge | SCC | 2025-09 |
| Anthropic PBC | LLM compute for runtime semantic validation | Sanitized prompts, truncated snippets, no plaintext secrets | Per Anthropic configuration | Zero-retention | 2025-10 |
| Resend Inc | Transactional email | Email address, message content, delivery metadata | EU | Signed DPA | 2025-12 |
| Stripe Inc | Billing and invoicing | Billing details only, invoices, payment metadata | EU | Signed DPA | 2025-11 |
| Self-hosted Umami (analytics.bleedwatch.com) | Privacy-first product analytics, self-hosted by BleedWatch (no third-party processor) | Aggregate page views, custom events, no cookies, no PII, no cross-site tracking | EU (Hetzner, our own infrastructure) | Not applicable - operated by BleedWatch on its own infra | 2026-05 |
| Cal.com Inc | Booking and demo scheduling | Email address, company name, scheduling details | EU | Signed DPA | 2026-04 |
| GitHub Inc | OAuth integration and repository metadata sync | OAuth tokens encrypted at rest, repository metadata, webhook payloads | US with SCCs | Signed DPA | 2025-10 |
| Slack Technologies LLC | OAuth integration and alert delivery | OAuth tokens encrypted at rest, channel IDs, alert payloads | US with SCCs | Signed DPA | 2025-11 |
| Atlassian Pty Ltd | Jira integration | OAuth tokens, issue metadata, remediation tickets | US with SCCs | Signed DPA | 2026-02 |
| Linear Orbit Inc | Linear integration | OAuth tokens, team IDs, remediation tickets | US with SCCs | Signed DPA | 2026-02 |
| ServiceNow Inc | ServiceNow integration | OAuth tokens, incident records, routing metadata | US with SCCs | Signed DPA | 2026-04 |
No removals since launch.
No sub-processors have been removed since the public launch of this register. If a provider is removed, this section will retain the provider name, removal date, affected purpose, and replacement reason for audit continuity.
Objections and enterprise review.
Customers may object to a new sub-processor under their DPA. Enterprise customers can also request a sub-processor audit, transfer-safeguard summary, and data-flow explanation for their connected integrations.
Primary data stays in the EU; AI prompts are sanitized.
The diagram shows the default processing path. LLM providers receive only minimized prompts after secret redaction, hashing, and truncation.
Quarterly register review
Every active processor is reviewed quarterly for purpose, data category, transfer mechanism, and whether the integration is still required.
Change notification
Customers receive at least 30 days' advance notice before a new processor is added or a processor materially changes scope.
Enterprise audit support
Customers can request the current processor audit, DPA status, and transfer-safeguard summary through enterprise support.
Questions about a specific sub-processor?
Email [email protected] or open the enterprise contact form with your processor, jurisdiction, and procurement deadline.