Trust
Sub-processors.
The complete list of organisations that process customer data on Driftstack's behalf, the region they operate in, what they do, and the contractual basis under which any non-EU transfer happens.
This page is the customer-facing source of truth for sub-processor changes. Adding or removing an entry triggers a 30-day notice to all customers per Article 28(2) of the GDPR; the same content also lives in Annex 3 of the Data Processing Agreement.
Last updated: 2026-05-08
| Sub-processor | Region | Purpose | Transfer mechanism |
|---|---|---|---|
| Hetzner Cloud | Falkenstein, Germany (EU) | Compute infrastructure for the Driftstack control plane. | EU-resident — no transfer required. |
| Neon | Frankfurt (EU) | Managed Postgres for account, session, and audit data. | EU-resident — no transfer required. |
| Upstash | Frankfurt (EU) | Managed Redis for auth-cache and rate-limit state. | EU-resident — no transfer required. |
| Cloudflare R2 | EU jurisdiction | Object storage for session recordings and screenshots, public status-page snapshots, and customer-uploaded profile avatars. | EU-jurisdiction storage — no transfer required. |
| Postmark | EU sending region | Transactional email (signup verification, password reset, billing notifications, support correspondence). | 2021 Standard Contractual Clauses + EU-US Data Privacy Framework. |
| Sentry | EU region (ingest.de.sentry.io) | Error monitoring and observability for the Driftstack control plane. | EU ingest region — no transfer required for error data. |
| Stripe | Stripe Payments Europe Ltd (Ireland) | Payment processing, subscription management, BYOK metered billing, BTW reverse-charge handling via Stripe Tax. | 2021 Standard Contractual Clauses + EU-US Data Privacy Framework. |
| Anthropic | United States | Bundled large language model for the optional AI agent feature. Opt-in only; processes session data only when customers explicitly enable bundled-LLM billing. | 2021 Standard Contractual Clauses + EU-US Data Privacy Framework. |
| Moneybird | Netherlands (EU) | Accounting and invoicing operations for the Driftstack BV. | EU-resident — no transfer required. |
| MacStadium | United States | Mac hardware hosting for the iPhone Safari session execution fleet. | 2021 Standard Contractual Clauses + EU-US Data Privacy Framework. |
| NowPayments | NowPayments OÜ (Estonia, EU) | Cryptocurrency payment processing (BTC, LTC, USDT, USDC, ETH, XMR). Engaged only when a customer opts to pay with cryptocurrency at checkout; bypassed entirely for Stripe-paying customers. | EEA-internal — no transfer mechanism required. |
| LiveKit | United States (regional endpoints; EU preferred) | WebRTC live-session signaling and media SFU for the optional "live session" feature, where customer or Driftstack support views an in-progress browser session in real time. Disabled by default; engaged only when explicitly initiated. | 2021 Standard Contractual Clauses + EU-US Data Privacy Framework. |
Region preference vs. region routing.
The "region" you can pick from /settings → Region (us / eu / apac) is a stated preference. It does not move your data. Today, every customer's data resides on the EU-jurisdiction infrastructure listed in the table above — regardless of region preference.
The preference exists so we can route accounts to the matching region automatically once the multi-region rollout lands. When that happens, customers who selected a non-EU region will be notified 30 days before any of their data is migrated, with the opportunity to keep their data in the EU or terminate the affected portion of the service. The Article 28(2) sub-processor amendment mechanics on this page apply unchanged.
Until the multi-region rollout ships, leaving the field as "no preference" produces identical behaviour to selecting "eu".
How sub-processor changes work.
When Driftstack engages a new sub-processor, removes one, or materially changes the role of an existing one, customers receive notice at least 30 days before the change takes effect. The notice states what's changing, the contractual basis for any new transfer, and the cut-off date for raising objections.
Customers who object to a sub-processor change have the right to terminate the affected portion of the service before the change takes effect. The mechanics live in the DPA (Article 28(2) — Sub-processor amendment).
For questions about the list, email [email protected].