1. Introduction
This page lists the third-party sub-processors that Digitlify Inc. (“Digitlify”, “we”) engages to process customer personal data on your behalf. We publish this list in accordance with Article 28 of the EU General Data Protection Regulation (GDPR) and equivalent requirements under the California Consumer Privacy Act (CCPA) and other applicable data protection laws.
For the avoidance of doubt, a “sub-processor” is any third party engaged by Digitlify to process personal data on behalf of our customers. We remain responsible for each sub-processor's compliance with the terms of our Data Processing Agreement.
Where a sub-processor processes personal data outside the European Economic Area, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or on other transfer mechanisms recognized by applicable data protection authorities.
2. Current Sub-processors
This list is intentionally kept at the capability level. Customers under NDA can request the full supply-chain audit, including vendor names, by contacting security@digitlify.com.
| Purpose | Category | Region | Transfer mechanism |
|---|---|---|---|
| Primary hosting (compute, storage, networking) | Infrastructure provider | EU (Germany) | N/A — EU / EEA resident |
| Managed Postgres database (customer tenant data at rest) | Database hosting | EU (Germany) | N/A — EU / EEA resident |
| Object storage (file uploads, generated artifacts) | Object storage | EU (Germany) | N/A — EU / EEA resident |
| LLM inference (text generation, embeddings, summarization) | AI model provider | US / EU (provider-dependent) | Standard Contractual Clauses (SCCs) where personal data flows outside the EEA; zero-retention agreements where available |
| Transactional email delivery (password resets, notifications) | Email service provider | US / EU | Standard Contractual Clauses (SCCs) for US providers |
| Payment processing and billing | Payment processor | US / EU | Standard Contractual Clauses (SCCs) for US providers |
| Customer identity and SSO token exchange | Identity provider (managed) | EU (Germany) | N/A — EU / EEA resident |
| Error tracking and application performance monitoring | Observability / APM | EU | N/A — EU / EEA resident |
| Product analytics (opt-in only, via cookie consent) | Analytics provider | EU | N/A — EU / EEA resident |
3. Change Notification
Digitlify will provide prior written notice of any intended addition or replacement of a sub-processor, giving customers a reasonable opportunity to object. Customers may subscribe to sub-processor change notifications by emailing privacy@digitlify.com with the subject line “Subscribe: subprocessor changes”.
The revision history of this page is available on request. Any future updates to this list will include a “Last updated” timestamp at the top of the page.
4. Objection Rights
If a customer objects on reasonable data-protection grounds to a newly added sub-processor, Digitlify will work in good faith to resolve the objection. If no resolution is possible, the customer may terminate the affected services as set out in the Data Processing Agreement, without penalty.
5. Contact
For questions about sub-processors or supply-chain audits, or to request the full vendor list under NDA, contact us at:
- Privacy inquiries: privacy@digitlify.com
- Security and vendor audit: security@digitlify.com
- Data Processing Agreement: /dpa