Sub-Processors
To provide our services we use the following carefully selected sub-processors (Art. 28 GDPR):
| Provider | Purpose | Location | Data categories |
|---|---|---|---|
| Google Cloud Platform | Infrastructure, hosting, database | EU (europe-west1) | All tenant data, Authentication, Storage |
| Firebase (Google) | Authentication, real-time database, file storage | EU | Auth data, Session data, Uploaded files |
| Stripe Data Processing Agreement | Payment processing | US/EU | Payment data, Email addresses, Billing info |
| Sentry Data Processing Agreement | Error tracking and monitoring | EU | Error context (no PII by policy) |
| Resend Data Processing Agreement | Transactional email delivery | US/EU | Email addresses, Email content |
| Google (Gemini AI) Data Processing Agreement | AI features: operator assistant, content translation, fleet-import structuring | EU/US | Booking + customer data (operator assistant function calls), Boat content (translation/import) |
A data processing agreement under Art. 28 GDPR is in place with each of these sub-processors. Processing primarily takes place within the EU; appropriate safeguards (e.g. EU Standard Contractual Clauses) apply to any third-country transfers.