Subprocessors
Every service that processes personal data on our behalf to run LIVCK Cloud – complete, traceable and in line with Art. 28 GDPR.
What are subprocessors?
To operate LIVCK Cloud, we work with carefully selected service providers that process personal data on our behalf – so-called processors under Art. 28 GDPR. Where a provider acts as a processor, we have a data processing agreement in place with it. This list gives you full transparency about who processes which data, for what purpose, and where.
Legend
- EU / EEA — Registered and processing within the EU or EEA.
- Adequacy decision — Processing outside the EU/EEA but in a country with an EU adequacy decision (Switzerland) — legally treated like the EU/EEA.
- Third country — Processing outside the EU – safeguarded via the DPF or EU Standard Contractual Clauses.
- Customer-defined — An endpoint you operate yourself – no external third party.
Currently 18 processors listed.
Infrastructure, hosting & data storage
The technical foundation: the application, database and encrypted backups of LIVCK Cloud.
Hetzner
Hetzner Online GmbH
Purpose
Operates the entire platform – this is where the LIVCK Cloud application and database run, along with some of our monitoring nodes.
Data categories
All application and customer data – account, monitoring and status-page data.
Industriestr. 25, 91710 Gunzenhausen, Germany

STACKIT
STACKIT GmbH & Co. KG
Purpose
Storage of encrypted backups plus storage and delivery of uploaded files such as profile pictures and status-page assets.
Data categories
Database backups (containing customer data) plus uploaded files and status-page assets (e.g. logos, profile pictures).
Data centers in Germany.
Stiftsbergstraße 1, 74172 Neckarsulm, Germany
Monitoring nodes
Our monitoring nodes run the checks you configure and report only whether a service is reachable – up or down, never content. Targets such as URLs or hostnames stay in memory only and are never written to disk. Deliberately spread across several providers, networks and locations: this network diversity means an outage in any single network can't distort the monitoring – we watch your services from independent vantage points.
OVHcloud
OVH SAS
2 rue Kellermann, 59100 Roubaix, France
netcup
netcup GmbH
Emmy-Noether-Str. 10, 76131 Karlsruhe, Germany
dataforest
dataforest GmbH
Taunusstraße 52, 65830 Kriftel, Germany

EmeraldHost
EmeraldHost UG (haftungsbeschränkt)
Kurfürstenstr. 10, 50678 Köln, Germany
Windcloud
Windcloud 4.0 GmbH
Lecker Straße 7, 25917 Enge-Sande, Germany
Infomaniak
Infomaniak Network SA
Data categories
Monitoring target addresses (transient, in memory); no persistent storage of personal data at the location.
Switzerland – a third country with an EU adequacy decision (Art. 45 GDPR). The transfer is permitted without additional safeguards and is treated like processing within the EU/EEA. Own data center in Plan-les-Ouates (Geneva); data remains in Switzerland.
Rue Eugène-Marziano 25, 1227 Genève, Switzerland
Notification delivery (SMS & email)
For both SMS and email we rely on two independent providers each – if the primary one fails, the second takes over automatically.
SMS
seven.io
seven communications GmbH & Co. KG
Purpose
Primary delivery of SMS notifications to you and to status-page subscribers. Outbound only – no SMS are received.
Data categories
Recipient phone number and message content (outbound only).
Supervised by the German Federal Network Agency; subject to telecommunications secrecy.
Willestr. 4-6, 24103 Kiel, Germany

LOX24
LOX24 GmbH
Purpose
Fallback provider for SMS delivery if the primary service fails. Outbound only.
Data categories
Recipient phone number and message content (outbound only).
Supervised by the German Federal Network Agency; servers in Germany only, per the provider.
Seestraße 109, 13353 Berlin, Germany
Scaleway
SCALEWAY SAS
Purpose
Primary delivery of all transactional emails – alerting, account mails and notifications.
Data categories
Recipient email address and message content.
8 rue de la Ville-l'Évêque, 75008 Paris, France
Sweego
MINDBAZ SAS
Purpose
Fallback provider for email delivery if the primary service fails.
Data categories
Recipient email address and message content.
Data centers in France. Brand “Sweego”, legal entity MINDBAZ SAS.
59 rue Nationale, 59800 Lille, France
Optional notification channels
These services are only involved if you connect the channel yourself – for example via webhook or integration. You decide what content goes where. The respective provider may act as an independent controller; the transfer takes place at your instruction.
Discord
Discord Inc.
Purpose
Delivery of notifications to a Discord channel you connect via webhook.
Data categories
Notification content and channel/webhook ID.
Processed on US servers. The EEA contracting entity is Discord Netherlands BV, while operations sit with Discord Inc. (USA). Transfer based on EU Standard Contractual Clauses.
444 De Haro Street #200, San Francisco, CA 94107, USA
Slack
Slack Technologies Limited
Purpose
Delivery of notifications to a Slack workspace you connect.
Data categories
Notification content and channel/workspace ID.
EU contracting party in Ireland, US parent company (Salesforce). Transfer based on the EU-US Data Privacy Framework.
One Park Place, Hatch Street Upper, Dublin 2, Ireland
Microsoft Teams
Microsoft Ireland Operations Limited
Purpose
Delivery of notifications to a Microsoft Teams channel you connect.
Data categories
Notification content and channel ID.
EU contracting party in Ireland, US parent company. Processing within the Microsoft EU Data Boundary; transfer based on the EU-US Data Privacy Framework.
One Microsoft Place, Leopardstown, Dublin 18, Ireland
Telegram
Telegram FZ-LLC
Purpose
Delivery of notifications via a Telegram bot or chat you connect.
Data categories
Notification content and chat ID.
Based in the UAE – a third country without an adequacy decision. The transfer takes place at the instruction of the connecting customer, who sets up the channel under their own responsibility.
Dubai, UAE
Webhook
Purpose
Delivery to an endpoint you operate yourself – signed with HMAC.
Data categories
Determined by you.
Not a processor: no external third party is involved. Listed only for clarity.
DNS
DNS processes virtually no personal data – it answers technical name queries, not end-user data. Listed for transparency; there are two separate DNS layers, one for our own traffic and one for status-page custom domains.
Gcore
G-Core Labs S.A.
Purpose
DNS resolution for status-page and end-customer traffic (custom domains) – split across two providers.
Data categories
Technical DNS queries only (domain name and usually the IP of the requesting resolver, not the end user) – no personal application data.
2-4 rue Edmond Reuter, L-5326 Contern, Luxembourg
ClouDNS
Cloud DNS Ltd.
Purpose
DNS resolution for status-page and end-customer traffic (custom domains) – split across two providers.
Data categories
Technical DNS queries only (domain name and usually the IP of the requesting resolver, not the end user) – no personal application data.
Sofia / Stara Zagora, Bulgaria
General notes
Further subprocessors
Our subprocessors may in turn engage their own providers. These are bound to GDPR-compliant obligations by a data processing agreement (flow-down) and are listed in the respective subprocessor lists of the named providers.
Transfers to third countries
Where providers are based or process outside the EU/EEA – such as GitHub, Discord or Telegram – transfers rely on recognised safeguards: the EU-US Data Privacy Framework or EU Standard Contractual Clauses, subject to each provider's current certification.
Not listed
We don't list services without access to customer data – such as internal tools for development and team communication – nor components we run ourselves on the infrastructure named above.
Independent controllers
These providers are not processors: they don't process data on our behalf but determine the purposes and means under their own responsibility. This includes our payment service provider – which is legally required to process payment data on its own responsibility – as well as external sign-in services, which are only involved if you choose that sign-in option voluntarily.
Mollie
Mollie B.V.
Purpose
Processing of payments. As a payment service provider, Mollie processes payment data under its own responsibility – partly due to statutory obligations under PSD2 and anti-money-laundering law.
Data categories
Payment data – name, address and payment-method details.
Keizersgracht 126, 1015 CW Amsterdam, Netherlands
Google Ireland Limited
Purpose
Sign-in with a Google account (“Sign in with Google”).
Data categories
Sign-in and identity data – name, email and Google account ID.
EU contracting party in Ireland; processing worldwide, including the USA. Transfer based on the EU-US Data Privacy Framework.
Gordon House, Barrow Street, Dublin 4, Ireland
GitHub
GitHub, Inc.
Purpose
Sign-in with a GitHub account (“Sign in with GitHub”).
Data categories
Sign-in and identity data – username, email and GitHub account ID.
Based in the USA – a third country. Microsoft subsidiary; transfer based on the EU-US Data Privacy Framework.
88 Colin P. Kelly Jr. St., San Francisco, CA 94107, USA
Discord
Discord Inc.
Purpose
Sign-in with a Discord account (“Sign in with Discord”).
Data categories
Sign-in and identity data – username, email and Discord account ID.
Processed on US servers; nominal EEA entity Discord Netherlands BV, operations with Discord Inc. (USA). Transfer based on EU Standard Contractual Clauses.
444 De Haro Street #200, San Francisco, CA 94107, USA
We announce new or changed subprocessors to our customers with reasonable advance notice; objection is possible. This overview supplements the data processing agreement. If you have questions about data processing, reach us at support@livck.com.
Read the privacy policy