Sub-Processors
Last updated: January 2026
Third-Party Data Processors
In accordance with GDPR Article 28, we maintain transparency about the third-party service providers (sub-processors) who process personal data on our behalf.
All sub-processors are bound by data processing agreements (DPAs) that ensure they handle your data with the same level of protection as Guide Connect.
Our Sub-Processors
| Company | Purpose | Location | DPA Status |
|---|---|---|---|
| Linode / Akamai | Cloud hosting infrastructure and server management | Frankfurt, Germany (EU) | DPA in place |
| Mailgun (Sinch) | Transactional email delivery for account notifications and communications | EU data center | DPA in place |
| PostHog | Privacy-respecting product analytics (optional, requires consent) | Frankfurt, Germany (EU) | DPA in place |
| Straumur | Secure subscription payment processing | Reykjavík, Iceland (EEA) | DPA in place |
Data Protection Safeguards
All our sub-processors:
- Are bound by written data processing agreements
- Process data only according to our documented instructions
- Implement appropriate technical and organizational security measures
- Do not sub-contract data processing without our authorization
- Assist us in responding to data subject rights requests
- Delete or return all personal data at the end of the service relationship
International Data Transfers
Our primary data storage is within the European Union (Frankfurt, Germany). When data is processed by sub-processors outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.
Updates to This List
We may update this list of sub-processors as our service providers change. Material changes will be communicated through our platform or via email to registered users.
Questions?
If you have questions about our sub-processors or data processing practices, please contact us at legal@guideconnect.is.