Subprocessors
Third-party services that process customer or end-user personal data on behalf of Linabase. Disclosed to support customer DPA review and Article 28 GDPR obligations.
Last updated: 2026-05-17
| Provider | Purpose | Jurisdiction | Data categories | Transfer mechanism |
|---|---|---|---|---|
| Hetzner Online GmbH | Primary infrastructure hosting (compute, block storage, object storage) | Germany (EU) | All customer data: Postgres rows, uploaded files, backups, logs | EU adequacy (data stays in EU) |
| DodoPayments | Payment processing and subscription billing | India | Billing contact, payment-method metadata, invoice amounts | Standard Contractual Clauses (SCCs) |
| Functional Software, Inc. (Sentry) | Error and performance monitoring | United States | Stack traces, request metadata (PII scrubbed before send) | Standard Contractual Clauses (SCCs), EU-US DPF |
| Umami Analytics (self-hosted at analytics.hooklink.net) | Cookieless web analytics for marketing pages | Germany (EU) — hosted on Hetzner | Aggregated page views, referrer, country (no IP, no cookies) | EU adequacy (data stays in EU) |
| Mailtrap | Transactional email delivery (verification, password reset, login alerts) | Czech Republic (EU) | Recipient email address, email subject, delivery status | EU adequacy (data stays in EU) |
| GitHub, Inc. (GHCR) | Container image registry for deployment artifacts | United States | No customer data; build artifacts only | Standard Contractual Clauses (SCCs) |
Change notification
We disclose new subprocessors here at least 30 days before they begin processing personal data so you can object. Subscribe to the RSS feed for machine-readable change notifications, or email privacy@linabase.com to be added to the manual notification list.
Questions or objections
Send privacy-related inquiries to privacy@linabase.com. Security disclosures: see /.well-known/security.txt.