Skip to content
LIVCK Cloud
Transparency

Subprocessors

Every service that processes personal data on our behalf to run LIVCK Cloud – complete, traceable and in line with Art. 28 GDPR.

Controller: René Roscher (sole proprietorship)Last updated: June 24, 2026

What are subprocessors?

To operate LIVCK Cloud, we work with carefully selected service providers that process personal data on our behalf – so-called processors under Art. 28 GDPR. Where a provider acts as a processor, we have a data processing agreement in place with it. This list gives you full transparency about who processes which data, for what purpose, and where.

Legend

  • EU / EEA — Registered and processing within the EU or EEA.
  • Adequacy decision — Processing outside the EU/EEA but in a country with an EU adequacy decision (Switzerland) — legally treated like the EU/EEA.
  • Third country — Processing outside the EU – safeguarded via the DPF or EU Standard Contractual Clauses.
  • Customer-defined — An endpoint you operate yourself – no external third party.

Currently 18 processors listed.

Infrastructure, hosting & data storage

The technical foundation: the application, database and encrypted backups of LIVCK Cloud.

Hetzner

Hetzner

Hetzner Online GmbH

Germany

Purpose

Operates the entire platform – this is where the LIVCK Cloud application and database run, along with some of our monitoring nodes.

Data categories

All application and customer data – account, monitoring and status-page data.

Industriestr. 25, 91710 Gunzenhausen, Germany

STACKIT

STACKIT

STACKIT GmbH & Co. KG

Germany

Purpose

Storage of encrypted backups plus storage and delivery of uploaded files such as profile pictures and status-page assets.

Data categories

Database backups (containing customer data) plus uploaded files and status-page assets (e.g. logos, profile pictures).

Data centers in Germany.

Stiftsbergstraße 1, 74172 Neckarsulm, Germany

Monitoring nodes

Our monitoring nodes run the checks you configure and report only whether a service is reachable – up or down, never content. Targets such as URLs or hostnames stay in memory only and are never written to disk. Deliberately spread across several providers, networks and locations: this network diversity means an outage in any single network can't distort the monitoring – we watch your services from independent vantage points.

OVHcloud

OVHcloud

OVH SAS

France

2 rue Kellermann, 59100 Roubaix, France

netcup

netcup

netcup GmbH

Germany

Emmy-Noether-Str. 10, 76131 Karlsruhe, Germany

dataforest

dataforest

dataforest GmbH

Germany

Taunusstraße 52, 65830 Kriftel, Germany

EmeraldHost

EmeraldHost

EmeraldHost UG (haftungsbeschränkt)

Germany

Kurfürstenstr. 10, 50678 Köln, Germany

Windcloud

Windcloud

Windcloud 4.0 GmbH

Germany

Lecker Straße 7, 25917 Enge-Sande, Germany

IN

Infomaniak

Infomaniak Network SA

Switzerland

Data categories

Monitoring target addresses (transient, in memory); no persistent storage of personal data at the location.

Switzerland – a third country with an EU adequacy decision (Art. 45 GDPR). The transfer is permitted without additional safeguards and is treated like processing within the EU/EEA. Own data center in Plan-les-Ouates (Geneva); data remains in Switzerland.

Rue Eugène-Marziano 25, 1227 Genève, Switzerland

Notification delivery (SMS & email)

For both SMS and email we rely on two independent providers each – if the primary one fails, the second takes over automatically.

SMS

seven.io

seven.io

seven communications GmbH & Co. KG

Germany
Registered telecoms operator

Purpose

Primary delivery of SMS notifications to you and to status-page subscribers. Outbound only – no SMS are received.

Data categories

Recipient phone number and message content (outbound only).

Supervised by the German Federal Network Agency; subject to telecommunications secrecy.

Willestr. 4-6, 24103 Kiel, Germany

LOX24

LOX24

LOX24 GmbH

Germany
Registered telecoms operator

Purpose

Fallback provider for SMS delivery if the primary service fails. Outbound only.

Data categories

Recipient phone number and message content (outbound only).

Supervised by the German Federal Network Agency; servers in Germany only, per the provider.

Seestraße 109, 13353 Berlin, Germany

Email

Scaleway

Scaleway

SCALEWAY SAS

France

Purpose

Primary delivery of all transactional emails – alerting, account mails and notifications.

Data categories

Recipient email address and message content.

8 rue de la Ville-l'Évêque, 75008 Paris, France

Sweego

Sweego

MINDBAZ SAS

France

Purpose

Fallback provider for email delivery if the primary service fails.

Data categories

Recipient email address and message content.

Data centers in France. Brand “Sweego”, legal entity MINDBAZ SAS.

59 rue Nationale, 59800 Lille, France

Optional notification channels

These services are only involved if you connect the channel yourself – for example via webhook or integration. You decide what content goes where. The respective provider may act as an independent controller; the transfer takes place at your instruction.

Discord

Discord

Discord Inc.

USA
Connected by customer

Purpose

Delivery of notifications to a Discord channel you connect via webhook.

Data categories

Notification content and channel/webhook ID.

Processed on US servers. The EEA contracting entity is Discord Netherlands BV, while operations sit with Discord Inc. (USA). Transfer based on EU Standard Contractual Clauses.

444 De Haro Street #200, San Francisco, CA 94107, USA

Slack

Slack

Slack Technologies Limited

Ireland
Connected by customer

Purpose

Delivery of notifications to a Slack workspace you connect.

Data categories

Notification content and channel/workspace ID.

EU contracting party in Ireland, US parent company (Salesforce). Transfer based on the EU-US Data Privacy Framework.

One Park Place, Hatch Street Upper, Dublin 2, Ireland

Microsoft Teams

Microsoft Teams

Microsoft Ireland Operations Limited

Ireland
Connected by customer

Purpose

Delivery of notifications to a Microsoft Teams channel you connect.

Data categories

Notification content and channel ID.

EU contracting party in Ireland, US parent company. Processing within the Microsoft EU Data Boundary; transfer based on the EU-US Data Privacy Framework.

One Microsoft Place, Leopardstown, Dublin 18, Ireland

Telegram

Telegram

Telegram FZ-LLC

UAE
Connected by customer

Purpose

Delivery of notifications via a Telegram bot or chat you connect.

Data categories

Notification content and chat ID.

Based in the UAE – a third country without an adequacy decision. The transfer takes place at the instruction of the connecting customer, who sets up the channel under their own responsibility.

Dubai, UAE

Webhook

Customer endpoint
Connected by customerNot a processor

Purpose

Delivery to an endpoint you operate yourself – signed with HMAC.

Data categories

Determined by you.

Not a processor: no external third party is involved. Listed only for clarity.

DNS

DNS processes virtually no personal data – it answers technical name queries, not end-user data. Listed for transparency; there are two separate DNS layers, one for our own traffic and one for status-page custom domains.

Important: no traffic and no content flows through these providers. They only answer technical name queries (which domain points to which IP) and usually see only the IP of the requesting resolver, not the end user's. The actual traffic flows directly between the visitor and our servers; these companies do not receive any personal application data. We list them anyway for transparency.
Gcore

Gcore

G-Core Labs S.A.

Luxembourg

Purpose

DNS resolution for status-page and end-customer traffic (custom domains) – split across two providers.

Data categories

Technical DNS queries only (domain name and usually the IP of the requesting resolver, not the end user) – no personal application data.

2-4 rue Edmond Reuter, L-5326 Contern, Luxembourg

CL

ClouDNS

Cloud DNS Ltd.

Bulgaria

Purpose

DNS resolution for status-page and end-customer traffic (custom domains) – split across two providers.

Data categories

Technical DNS queries only (domain name and usually the IP of the requesting resolver, not the end user) – no personal application data.

Sofia / Stara Zagora, Bulgaria

General notes

Further subprocessors

Our subprocessors may in turn engage their own providers. These are bound to GDPR-compliant obligations by a data processing agreement (flow-down) and are listed in the respective subprocessor lists of the named providers.

Transfers to third countries

Where providers are based or process outside the EU/EEA – such as GitHub, Discord or Telegram – transfers rely on recognised safeguards: the EU-US Data Privacy Framework or EU Standard Contractual Clauses, subject to each provider's current certification.

Not listed

We don't list services without access to customer data – such as internal tools for development and team communication – nor components we run ourselves on the infrastructure named above.

Independent controller

Independent controllers

These providers are not processors: they don't process data on our behalf but determine the purposes and means under their own responsibility. This includes our payment service provider – which is legally required to process payment data on its own responsibility – as well as external sign-in services, which are only involved if you choose that sign-in option voluntarily.

Mollie

Mollie

Mollie B.V.

Netherlands
Independent controller

Purpose

Processing of payments. As a payment service provider, Mollie processes payment data under its own responsibility – partly due to statutory obligations under PSD2 and anti-money-laundering law.

Data categories

Payment data – name, address and payment-method details.

Keizersgracht 126, 1015 CW Amsterdam, Netherlands

Google

Google

Google Ireland Limited

Ireland
Independent controller

Purpose

Sign-in with a Google account (“Sign in with Google”).

Data categories

Sign-in and identity data – name, email and Google account ID.

EU contracting party in Ireland; processing worldwide, including the USA. Transfer based on the EU-US Data Privacy Framework.

Gordon House, Barrow Street, Dublin 4, Ireland

GitHub

GitHub

GitHub, Inc.

USA
Independent controller

Purpose

Sign-in with a GitHub account (“Sign in with GitHub”).

Data categories

Sign-in and identity data – username, email and GitHub account ID.

Based in the USA – a third country. Microsoft subsidiary; transfer based on the EU-US Data Privacy Framework.

88 Colin P. Kelly Jr. St., San Francisco, CA 94107, USA

Discord

Discord

Discord Inc.

USA
Independent controller

Purpose

Sign-in with a Discord account (“Sign in with Discord”).

Data categories

Sign-in and identity data – username, email and Discord account ID.

Processed on US servers; nominal EEA entity Discord Netherlands BV, operations with Discord Inc. (USA). Transfer based on EU Standard Contractual Clauses.

444 De Haro Street #200, San Francisco, CA 94107, USA

We announce new or changed subprocessors to our customers with reasonable advance notice; objection is possible. This overview supplements the data processing agreement. If you have questions about data processing, reach us at support@livck.com.

Read the privacy policy