← Back to Vibranius
Sub-processor List
Last updated: April 2026
Vibranius uses the following third-party sub-processors to deliver our service. These sub-processors are subject to strict data protection agreements and only access data as necessary for their specific functions.
Overview
| Sub-processor |
Country |
Purpose |
Data accessed |
| Hetzner Online GmbH |
Germany (EU) |
Dedicated server infrastructure hosting |
Server hardware level only — no data access |
| Stripe Inc. |
USA |
Payment processing |
Billing information only (payment cards via Stripe PCI compliance) |
| Let's Encrypt |
USA |
SSL/TLS certificate authority |
Domain names only (no personal data) |
Important: Client document data, files, and content stored on your Vibranius workspace NEVER reach any sub-processor. Your content remains on your dedicated server under your control.
1. Hetzner Online GmbH
- Country: Germany (European Union)
- Purpose: Dedicated server infrastructure, data center facilities, network connectivity
- Data accessed: Server hardware level only. Hetzner provides physical server infrastructure but does NOT have access to:
- Your server content or files
- Your application data
- Your user accounts or authentication
- Data location: Frankfurt, Germany (EU)
- Legal basis: EU data center, GDPR compliant, no cross-border data transfers for content
- Website: hetzner.com
- Privacy policy: hetzner.com/de/rechtliches/datenschutz
2. Stripe Inc.
- Country: United States of America
- Purpose: Payment processing, credit/debit card transactions, subscription billing
- Data accessed: Payment billing information only:
- Card details (processed securely via Stripe PCI DSS Level 1 certification)
- Billing address
- Invoices and payment history
- Data protection: EU-US data transfers protected by Standard Contractual Clauses (SCCs) as required by GDPR
- PCI compliance: Stripe is PCI DSS Level 1 certified (highest level)
- Website: stripe.com
- Privacy policy: stripe.com/privacy
3. Let's Encrypt
- Country: United States of America
- Purpose: SSL/TLS certificate authority providing HTTPS certificates
- Data accessed: Domain names only:
- Your Vibranius domain (e.g., company.citadel.eu)
- Public domain information
- No personal or business data
- Privacy impact: Minimal — domain names are public information anyway
- Website: letsencrypt.org
- Privacy policy: letsencrypt.org/privacy
4. No Additional Sub-processors
We do NOT use the following common sub-processors for client data:
- ❌ No analytics (Google Analytics, Mixpanel, etc.)
- ❌ No customer support tools (Intercom, Zendesk, etc.)
- ❌ No email marketing platforms (Mailchimp, SendGrid, etc.) for customer data
- ❌ No CDN services that cache your content
- ❌ No database-as-a-service providers
- ❌ No monitoring services with data access
5. Sub-processor Changes
We may add or replace sub-processors from time to time. Material changes will be:
- Posted on this page at least 30 days before implementation
- Announced via email to all account holders
- Subject to your right to object (see our Data Processing Agreement)
6. Data Transfer Mechanisms
For sub-processors located outside the European Economic Area:
- Stripe (USA): Protected by Standard Contractual Clauses (SCCs) per EU Commission Decision (EU) 2021/914
- Let's Encrypt (USA): Minimal data (domain names only), no personal data transfer
7. Your Rights
Under our Data Processing Agreement, you have the right to:
- Object to new sub-processors with 30 days' notice
- Request details of our contracts with sub-processors
- Terminate your Vibranius subscription if you object to sub-processor changes
8. Confirmation
By using Vibranius, you acknowledge that:
- You have reviewed this sub-processor list
- You consent to the listed sub-processors processing your account/billing data as described
- You understand your content data remains on your server and is NOT accessed by any sub-processor
9. Questions?
For questions about sub-processors or data processing:
This list is updated quarterly or whenever sub-processor changes occur. Last review: April 2026.