Subprocessors & Service Providers

Trusted third-party services we use to deliver StatusPage.me

Get started Get started arrow Start Free Trial
πŸ” Data Processors

Subprocessors & Service Providers

In accordance with GDPR requirements, we maintain this list of third-party service providers (subprocessors) that process data on behalf of StatusPage.me.

Last updated: December 2026

About This List

We carefully select service providers who meet high standards for security, privacy, and reliability. All subprocessors are bound by data processing agreements that require them to protect your data in accordance with GDPR and other applicable privacy laws.

Primary Data Location: Your application data and database are hosted in Germany πŸ‡©πŸ‡ͺ (European Union) with Contabo. Other hosting providers are used exclusively for distributed uptime monitoring infrastructure.
Our Commitment: We review our subprocessors regularly and will notify customers of any material changes to this list through our Privacy Policy updates.

Current Subprocessors

DodoPayments

Payment Processing Merchant of Record

Purpose: Payment processing, subscription management, and billing

Data Processed: Payment card information, billing details, transaction records, customer email

Location: United States πŸ‡ΊπŸ‡Έ (PCI DSS Level 1 compliant)

Note: DodoPayments acts as the Merchant of Record. Payment card data is sent directly to DodoPayments and never touches our servers.

Plausible Analytics

Web Analytics Privacy-First

Purpose: Privacy-friendly, cookie-free web analytics

Data Processed: Anonymized page views, referrers, browser/OS info (no personal data)

Location: European Union πŸ‡ͺπŸ‡Ί (GDPR, CCPA, PECR compliant)

Note: No cookies, no personal data collection. View our public stats at plausible.io/statuspage.me

Sapat.chat

Customer Support Privacy-First

Purpose: Customer support, help desk, and knowledge base

Data Processed: Support messages, customer email, conversation history

Location: Privacy-focused infrastructure

Note: Privacy-first support platform without invasive tracking

Contabo

Cloud Hosting Primary Location Infrastructure

Purpose: Primary application hosting, database hosting, and monitoring infrastructure

Data Processed: All application data, customer accounts, databases, status pages, subscription data

Location: Germany πŸ‡©πŸ‡ͺ (European Union) - GDPR compliant

Note: This is our primary hosting provider. All your account data and databases are stored in Germany (EU). We also use Contabo infrastructure in other regions exclusively for distributed monitoring checks.

DigitalOcean

Monitoring Infrastructure Monitoring Only

Purpose: Multi-region uptime monitoring nodes (monitoring checks only, no customer data storage)

Data Processed: Monitoring check results, uptime metrics (no personal or account data)

Location: Multiple global regions (SOC 2 Type II, ISO 27001 certified)

Note: Used exclusively for distributed monitoring infrastructure. Does not store any customer account data or databases.

Kamatera Cloud

Monitoring Infrastructure Monitoring Only

Purpose: Additional monitoring nodes (monitoring checks only, no customer data storage)

Data Processed: Monitoring check results, uptime metrics (no personal or account data)

Location: Multiple global regions (ISO 27001 certified)

Note: Used exclusively for geographic diversity in monitoring infrastructure. Does not store any customer account data or databases.

OVHcloud

Monitoring Infrastructure Monitoring Only

Purpose: European monitoring nodes (monitoring checks only, no customer data storage)

Data Processed: Monitoring check results, uptime metrics (no personal or account data)

Location: European Union πŸ‡ͺπŸ‡Ί (GDPR compliant, ISO 27001, SOC 1 & 2 certified)

Note: Used exclusively for European-based monitoring infrastructure. Does not store any customer account data or databases.

Email Delivery (SMTP)

Email Delivery Transactional

Purpose: Transactional emails, notifications, alerts, incident updates

Data Processed: Email addresses, notification content, delivery logs

Location: Varies by SMTP provider configuration

Note: We use standard SMTP for email delivery. The specific SMTP provider may vary. We support self-hosted email infrastructure for privacy-conscious customers.

Data Protection & Security

How We Protect Your Data

Data Processing Agreements

All subprocessors are bound by GDPR-compliant Data Processing Agreements (DPAs) that ensure your data is protected and processed lawfully.

Encryption in Transit & At Rest

All data transmitted to subprocessors is encrypted using TLS 1.2+. Data at rest is encrypted using industry-standard methods.

Regular Security Audits

We regularly review our subprocessors' security practices and compliance certifications (SOC 2, ISO 27001, PCI DSS where applicable).

International Transfers

When data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place (Standard Contractual Clauses, adequacy decisions).

Changes to This List

We may update this list of subprocessors from time to time as we add or remove service providers. Material changes will be communicated through:

  • Updates to this page with the "Last updated" date
  • Updates to our Privacy Policy
  • Email notification to customers for significant changes (e.g., new payment processor)

Enterprise customers with specific notification requirements should contact us at hey@statuspage.me to arrange advance notice of subprocessor changes.

Questions About Our Subprocessors?

If you have questions about our data processing practices or need additional information about our subprocessors, please contact us.

Contact Us Privacy Policy