Sub-processors
Third-party providers that may process Customer data on our behalf.
Draft template — not legal advice
This document is a starting-point template generated for the MoldLean launch. Before publishing or relying on it commercially, have it reviewed by a qualified attorney in your jurisdiction. Dates and versions below are placeholders.
This page lists the third-party service providers (“Sub-processors”) that MoldLean engages to process personal data on behalf of Customers, in accordance with our Data Processing Addendum. We will give Customers at least 30 days prior notice before engaging any new Sub-processor that will process Customer Personal Data.
1. Active Sub-processors
| Sub-processor | Purpose | Location | DPA | BAA | SOC 2 |
|---|---|---|---|---|---|
| Cloudflare, Inc. | DNS, CDN, edge security; R2 object storage | US (EU R2 region available) | Yes | Enterprise tier only | Type II |
| Hetzner Online GmbH | Compute VPS (default tier) | Germany (EU) | Yes (GDPR-native) | No — not HIPAA-eligible | No — ISO 27001 |
| Amazon Web Services, Inc. | S3 Glacier cold archive; future HIPAA-tier compute | US / EU (configurable) | Yes | Yes | Type II |
| Paddle.com Market Ltd | Payment processing (Merchant of Record) | UK + global | Yes | Enterprise tier | Type II |
| Resend, Inc. | Transactional email | US | Yes | Check current status | In progress |
| Functional Software, Inc. (Sentry) | Error tracking and performance monitoring (PHI scrubbed) | US | Yes | Business plan | Type II |
Notes on usage
- Default tier Customers' workloads run on Hetzner (Germany, EU) for compute, Cloudflare R2 for active object storage, and AWS S3 Glacier for cold archive (invoices, audit log). Personal data therefore stays in the EU by default for compute and active storage.
- HIPAA tier Customers' workloads run on AWS infrastructure under the AWS BAA, with organization-scoped encryption keys and an isolated processing pipeline. Hetzner is not used for the HIPAA tier.
- Paddle acts as the Merchant of Record and is the controller of the underlying payment instrument data (card numbers). MoldLean only receives payment metadata (last 4 digits, brand, country, invoice totals).
- Sentry is configured with server-side scrubbing rules that redact file contents, filenames, email addresses and known PHI fields before transmission.
2. Sub-processors no longer in use
(none at this time)
3. Notifications about new Sub-processors
- RSS / Atom feed: https://moldlean.com/legal/sub-processors/updates (coming soon)
- Email: send a blank email to subprocessors@moldlean.com with the subject `subscribe`. We will record your subscription and send you each change at least 30 days before it takes effect.
If you object on reasonable data protection grounds, reply to the notification email within the 30-day window. If no resolution is possible, you may terminate the affected portion of the Service for a pro-rata refund of prepaid fees, as set out in our DPA.
4. History of changes
| Date | Change |
|---|---|
| TBD (initial publication) | Initial Sub-processor list as shown in section 1. |
5. Contact
- privacy@moldlean.com — privacy questions, DPA requests
- subprocessors@moldlean.com — Sub-processor change notifications
- security@moldlean.com — security disclosures