Subprocessors and International Transfers

Effective date: March 19, 2026  ·  Last updated: March 19, 2026

This page lists subprocessors used to provide Uptivus. Uptivus infrastructure is primarily hosted in the United States, and personal data may be transferred to or accessed from the United States. Where required by GDPR/UK GDPR/Swiss data protection law, we rely on recognized transfer mechanisms such as adequacy decisions, the EU-U.S. Data Privacy Framework (and UK/Swiss extensions where applicable), and/or Standard Contractual Clauses (SCCs) with supplementary safeguards.

Current Subprocessors

• DigitalOcean (hosting and infrastructure). Transfer terms: DigitalOcean DPA.
• AWS (Amazon Bedrock and Amazon S3) (AI model hosting/inference, object storage, and cloud services). Transfer terms: AWS DPA, AWS Supplementary Addendum, and AWS UK GDPR Addendum.
• Microsoft Azure (including Azure OpenAI Service) (AI model hosting/inference). Transfer terms: Microsoft Products and Services DPA and Azure OpenAI data privacy documentation.
• Plausible (privacy-focused analytics). Transfer terms: Plausible DPA.
• Proton (email communications and mailbox services). Transfer terms: Proton DPA.
• hCaptcha (Intuition Machines, Inc.) (anti-bot and anti-abuse controls). Transfer terms: hCaptcha GDPR documentation and hCaptcha Terms.
• Cloudflare (CDN, security, DDoS and bot protection). Transfer terms: Cloudflare DPA and Cloudflare GDPR commitments.
• Sentry (error monitoring, diagnostics, and performance observability). Transfer terms: Sentry DPA and Sentry Subprocessors.

How We Use Transfer Mechanisms

We put processor terms in place with our subprocessors. Depending on the service and destination country, these terms may rely on an adequacy decision (including the EU-U.S. Data Privacy Framework) and/or SCCs under EU Commission Implementing Decision (EU) 2021/914 (including UK and Swiss transfer addenda where required).

If you need a signed DPA for your organization, see our Data Processing Agreement.