Legal
Subprocessors
Last Updated: 2026-05-05
DeData uses the third-party service providers listed below to deliver the Service. Each subprocessor processes only the categories of data necessary for its stated purpose. We sign a Data Processing Agreement (DPA) with every subprocessor that handles personal data and rely on Standard Contractual Clauses (SCC) for international transfers where required.
This list is incorporated by reference into our Privacy Policy. Material changes will be announced at least 30 days before they take effect.
Current Subprocessors
| Subprocessor | Purpose | Data Processed | Location | Transfer Mechanism |
|---|---|---|---|---|
| Stripe, Inc. | Payment processing & subscription billing | Billing email, payment method tokens, customer name | USA | SCC + DPA |
| Wildbit, LLC (Postmark) | Transactional email (verification, receipts, account events) | User email, name, account events | USA | SCC + DPA |
| Railway Corp. | Application hosting, Postgres database, Redis, object storage | All PII categories stored by the Service | USA | SCC + DPA |
| Bright Data Ltd. | Residential proxy network for broker scans and removals | User name, address, phone (transient — passed in request bodies during scan; not persistently stored by provider) | Global egress IPs (US-residential pool used by default) | SCC + DPA |
| Sentry | Error monitoring & crash reporting | IP address, error stack traces (scrubbed of PII server-side) | USA | SCC |
| Cloudflare, Inc. | CDN, DDoS protection, WAF | IP address, request metadata, TLS fingerprint | Global edge network | SCC |
Get notified of subprocessor changes
We will email you at least 30 days before any new subprocessor that handles personal data is added. Send a blank email to the address below with the subject line “Subscribe: subprocessor updates.”
privacy@dedatalabs.orgQuestions or DPA requests? Email privacy@dedatalabs.org.