Subprocessors
Last updated: June 3, 2026
Monitoristic ("we") is operated by Solvix Studio. To deliver and operate the service, we engage a small number of third-party providers ("subprocessors") who may process personal data on our behalf or independently as part of the service.
This page lists each current subprocessor, the role they play, the categories of personal data involved, their processing location, the legal mechanism we rely on for international transfers where applicable, and a link to their published privacy policy and data processing agreement (DPA). It supplements the disclosure already in our Privacy Policy.
Change notifications
We will announce material changes to this list — including the addition or replacement of a subprocessor — via our changelog at least 14 days before the change takes effect, except where a shorter notice is required for security or legal reasons. Business customers may request email notifications at [email protected].
Current subprocessors
Paddle.com Inc.
UK / US- Role
- Payments, Merchant of Record, billing, invoicing, and tax compliance. Paddle acts as an independent data controller for payment-related processing.
- Data categories
- Identity (name, email), billing and transaction information, purchase history.
- Processing location
- United Kingdom · United States.
- Transfer mechanism
- Standard Contractual Clauses (SCCs) · UK Extension to the EU-US Data Privacy Framework.
- Privacy policy
- paddle.com/legal/privacy
- Data sharing addendum
- paddle.com/legal/data-sharing-addendum (controller-to-controller terms governing the data we share with Paddle)
Cloudflare, Inc.
Global- Role
- Hosting, edge compute, primary database, DNS, CDN, and web analytics.
- Data categories
- All application and monitoring data; aggregated traffic data.
- Processing location
- Global edge · primary United States.
- Transfer mechanism
- Standard Contractual Clauses (SCCs) · EU-US Data Privacy Framework.
- Privacy policy
- cloudflare.com/privacypolicy
- Data processing addendum
- cloudflare.com/cloudflare-customer-dpa
Resend, Inc.
US- Role
- Transactional email delivery (primary).
- Data categories
- Email address, message content (account and alert emails).
- Processing location
- United States.
- Transfer mechanism
- Standard Contractual Clauses (SCCs) · EU-US Data Privacy Framework.
- Privacy policy
- resend.com/privacy
- Data processing addendum
- resend.com/legal/dpa
Sendinblue SAS (Brevo)
EU- Role
- Transactional email delivery (failover).
- Data categories
- Email address, message content (account and alert emails).
- Processing location
- European Union (France).
- Transfer mechanism
- Not applicable — data remains in the EU.
- Privacy policy
- brevo.com/legal/privacypolicy
- Data processing addendum
- brevo.com/legal/termsofuse (published as Appendix 3 of the Terms of Use)
Umami Software, Inc. (Umami Cloud)
EU- Role
- Marketing-site analytics (cookieless, anonymous).
- Data categories
- Aggregated page views; no personal identifiers, no IP addresses stored.
- Processing location
- European Union.
- Transfer mechanism
- Not applicable — data does not leave the EU.
- Privacy policy
- umami.is/privacy
- Data processing agreement
- umami.is/dpa
Microsoft Corporation (Clarity)
US- Role
- Marketing-site behavioral analytics (heatmaps and session recordings).
- Data categories
- Page interactions, clicks, scrolls; first-party session cookie; sensitive input fields are automatically masked.
- Processing location
- United States.
- Transfer mechanism
- Standard Contractual Clauses (SCCs) · EU-US Data Privacy Framework.
- Terms of use (Clarity-specific)
- clarity.microsoft.com/terms
- Data protection addendum
- microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA (Microsoft's umbrella DPA covers Clarity)
Definitions
- Subprocessor — A third party engaged by us to process personal data on our behalf, or alongside us as part of delivering the service.
- Data Controller — The party that determines the purposes and means of processing personal data.
- DPA (Data Processing Addendum) — A contractual document setting out the rights and obligations of a controller and processor in relation to personal data.
- SCCs (Standard Contractual Clauses) — Approved contract templates issued by the European Commission to permit transfers of personal data outside the EEA.
- EU-US Data Privacy Framework (DPF) — A mechanism approved by the European Commission allowing transfers of personal data from the EU to certified US-based organizations.
Contact
- Email: [email protected]
- Response time: 48 hours.
This page was last updated on June 3, 2026. Monitoristic is operated by Solvix Studio.