Sub-processors

Last updated: 2026-05-22

This page lists the third-party service providers (the “Sub-processors”) that Owlogs engages to deliver the Owlogs Service. For each provider we indicate the purpose of the engagement, the categories of Customer Data involved and the country in which the data is processed. It is published in fulfilment of GDPR article 28 and of the commitments set out in our Data Processing Addendum.

Notice of changes. Before adding or replacing a Sub-processor that has access to Customer Data, we publish the change on this page at least thirty (30) days in advance. If you are signed in to a paid Workspace, you may subscribe to email notifications of every update. To object to a proposed Sub-processor on reasonable data-protection grounds, write to privacy@owlogs.io; the procedure for objections is set out in our DPA.

Current Sub-processors

Provider	Purpose	Location	Data processed
OVHcloud OVH SAS — Roubaix, France	Primary hosting (application servers, Postgres, object storage, backups).	France (EU)	Account data, Customer Data, telemetry, backups.
Hetzner Hetzner Online GmbH — Gunzenhausen, Germany	Secondary hosting (queue workers, search indexes, off-site backup replicas).	Germany (EU)	Account data, Customer Data, telemetry, backups.
Stripe Stripe Payments Europe, Ltd. — Dublin, Ireland	Subscription billing and payment processing. Card data is captured directly by Stripe and never reaches our servers.	Ireland (EU). Limited transfers to the United States under EU Standard Contractual Clauses.	Billing email, name, company, country, VAT number, payment-method metadata.
Email delivery provider To be appointed (e.g. Postmark, Resend, Mailgun). Updated here when finalised.	Transactional email (sign-up confirmation, password reset, billing, alerts).	EU / United States under Standard Contractual Clauses.	Email address, name, subject and body of the email.
AI providers (optional) conditional OpenAI Ireland Ltd. and/or Anthropic, PBC — engaged only when a Workspace enables AI-assisted features.	AI-assisted search, summarisation, code suggestions and chat. Only the redacted log excerpts that the Workspace user submits as prompt context are sent.	Ireland (EU) and the United States under Standard Contractual Clauses and Zero-Retention agreements where available.	Redacted log excerpts and the user prompt.

Sub-processors marked conditional are engaged only when a Workspace owner explicitly enables the corresponding feature (for example, AI-assisted features). They do not process Customer Data for Workspaces that have not activated the feature.

Where Customer Data is stored

Customer Data is stored within the European Union by default. Where data is transferred to a Sub-processor located outside the European Economic Area, we rely on the EU Standard Contractual Clauses (Decision (EU) 2021/914), supplemented by technical and organisational measures as described in our DPA. The current list of hosting providers (with their full registered offices) is published on our Imprint.

How we vet a Sub-processor

Before engaging a Sub-processor, we conduct a proportionate due-diligence review that covers, at minimum, its security practices, certifications, location, processing terms and ability to support the rights of Data Subjects. We sign a written data-processing agreement with each Sub-processor that imposes obligations no less protective than the ones we owe Customer under the DPA. We re-assess each Sub-processor periodically.

Contact

Questions about this list, or about a specific Sub-processor, can be sent to privacy@owlogs.io.

Other legal documents: Terms of Use Privacy Policy Cookies DPA Sub-processors Imprint