EU-compliant sub-processors (hosted in Europe)
These sub-processors operate entirely within European territory. No international transfer is required for their service.
Hetzner Online GmbH
Role : Hosting of the Sucesio application and of the encrypted estate database.
Location : Germany (data centres in Nuremberg and Falkenstein).
Data processed : All vault data (AES-256 encrypted at application level), user identifiers, audit logs.
Legal basis : Article 6.1.b GDPR — contract performance. Intra-EU hosting, no international transfer.
DPA : hetzner.com/legal/data-processing-agreement
Scaleway SAS
Role : Encrypted off-site backups of the database and storage of death certificates.
Location : France (Paris data centre).
Data processed : Encrypted Postgres backups (age + AES-256), SSE-S3 encrypted death certificate PDFs.
Legal basis : Article 6.1.b GDPR — contract performance. Intra-EU hosting, no international transfer.
DPA : scaleway.com/en/data-protection-agreement
Stripe Payments Europe Limited
Role : Payment processing for the Sucesio subscription (€200/year).
Location : Ireland (Dublin) — Stripe Payments Europe Limited.
Data processed : Name, email, bank card data (never transmitted to Sucesio — Stripe Elements), billing history.
Legal basis : Article 6.1.b GDPR — contract performance. Intra-EU hosting.
DPA : stripe.com/legal/dpa
Non-EU sub-processors (transfers covered by Standard Contractual Clauses)
These sub-processors are based outside the European Union. In accordance with Article 46 of the GDPR, their data transfers are covered by the Standard Contractual Clauses (SCC) approved by the European Commission in 2021.
Clerk, Inc.
Role : Authentication service (account creation, sign-in, email verification, two-factor authentication).
Location : United States (San Francisco, California).
Data processed : Email, IP address, session ID, authentication metadata, TOTP code (hashed).
Legal basis : Article 6.1.b GDPR (contract performance) + Article 46.2.c GDPR (SCC) for the EU → US transfer.
DPA : clerk.com/legal/dpa
Resend Inc.
Role : Sending of transactional emails (email verification, security alerts, heir notifications).
Location : United States (San Francisco, California).
Data processed : Recipient email, subject and body of the email, sending logs (opens, clicks, bounces).
Legal basis : Article 6.1.b GDPR (contract performance) + Article 46.2.c GDPR (SCC) for the EU → US transfer.
DPA : resend.com/legal/dpa
Inngest Inc.
Role : Asynchronous task orchestration (periodic reminders, transmission jobs, deferred notifications).
Location : United States (AWS hosting).
Data processed : User identifiers, protocol events (transmission, proof of life), technical metadata.
Legal basis : Article 6.1.b GDPR (contract performance) + Article 46.2.c GDPR (SCC) for the EU → US transfer.
DPA : inngest.com/legal
Additional safeguards for non-EU transfers
To minimise the risks associated with transfers to the United States, we apply the following measures:
All sensitive content (assets, heirs, messages, instructions) is AES-256 encrypted at the application level before being sent to any sub-processor. Encryption keys never leave our European servers. No non-EU sub-processor has access to the cleartext content of the vault.
Changes and notifications
Any change to the list of sub-processors will be notified by email to affected users at least 30 days before the effective date. You have a reasoned right to object in accordance with Article 28.2 of the GDPR.
For any question relating to a sub-processor or an international transfer : dpo@sucesio.io