Sub-processors

Name: Ticpoz
Brand: Ticpoz

The third-party services we use to run TICPOZ. Each entry lists what the service does, where it processes data, and what data categories are involved.

Last updated · May 2026

What is a sub-processor?

A sub-processor is a third-party service that processes personal data on our behalf to deliver the platform. Under Article 28 of the EU/UK GDPR we publish them so customers can evaluate our data-handling chain. This page is the canonical register; we update it before adding any new sub-processor.

1. Current sub-processors

Hetzner Online GmbH

Compute, storage, and network egress for the production platform.

Region: EU and US regions

Data categories: All operational data, encrypted at rest.

Cloudflare, Inc.

Edge CDN, DDoS protection, TLS termination, web-application firewall.

Region: Global edge network

Data categories: Request metadata, IP addresses, headers (no payloads stored beyond standard cache TTL).

Stripe Payments

Payment processing — subscription billing, refunds, invoicing. PCI-DSS Level 1 certified.

Region: US + EU (regional routing based on customer location)

Data categories: Cardholder data (tokenised), billing email, billing address, invoice records.

Transactional email provider

Disclosed under NDA

Delivery of system emails: verification codes, password resets, billing receipts, security alerts. Provider name disclosed to enterprise customers under NDA.

Region: EU and US

Data categories: Email address, message content for transactional sends.

AI inference provider

Disclosed under NDA

Frontier language model used by the Quant-AI strategy builder. Prompts are PII-scrubbed before transit — no broker tokens, passwords, or account identifiers leave our infrastructure. Provider name disclosed to enterprise customers under NDA.

Region: Provider-managed inference region

Data categories: Strategy prompt text (after PII scrub), conversation history within a session.

Error monitoring (planned)

Disclosed under NDA

Production error monitoring with PII scrubbing on stack frames. Not yet active.

Region: EU + US options

Data categories: Stack traces, error metadata, scrubbed user identifiers.

2. Changes & notification

Material change. We give at least 30 days' notice before adding a new sub-processor that processes personal data, via this page, the changelog, and (for enterprise customers with a DPA) email.
Removal. We remove a sub-processor as soon as we stop using it. The page reflects the current state, not history.
Right to object. Enterprise customers with a signed DPA have the right to object to a new sub-processor; objections are handled per the DPA at /dpa.

3. International transfers

Several of the sub-processors above are based outside the EEA / UK. Where we transfer personal data internationally, we rely on the EU Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum (IDTA), plus supplementary safeguards (encryption in transit and at rest, role-based access controls, audit logging). Full mechanics are in our privacy policy §7.

Privacy policy — how we process personal data overall.
Data Processing Agreement — template for enterprise customers.
Security — encryption, transport, access control.
Questions: [email protected]

Sub-processors

1. Current sub-processors

Hetzner Online GmbH

Cloudflare, Inc.

Stripe Payments

Transactional email provider

AI inference provider

Error monitoring (planned)

2. Changes & notification

3. International transfers

4. Related