Sub-processors
The third parties below process data on Filarr’s behalf. Our analytics (Plausible) is self-hosted on our own infrastructure and is therefore not a sub-processor: no usage data is sent to a third-party service.
| Sub-processor | Role | Data | Location | Safeguard |
|---|---|---|---|---|
| Cloudflare, Inc. | API compute (Workers), database (D1), encrypted-file storage (R2), rate limiting (KV) | Accounts, file metadata, audit logs, encrypted blobs (opaque), anti-abuse counters | United States (company) · R2 data in EU (Frankfurt) | Standard Contractual Clauses (SCCs) · content end-to-end encrypted, unreadable by the sub-processor |
| Vercel Inc. | Website hosting & delivery (CDN); performance metrics (Web Vitals) | HTTP request logs, performance metrics | United States (global CDN) | Standard Contractual Clauses (SCCs) |
| Stripe, Inc. / Stripe Payments Europe | Payment & subscription processing | Card data (handled by Stripe, never stored by Filarr), customer id, billing history | United States / Ireland (EU) | PCI DSS Level 1 · SCCs for transfers |
| Resend | Service transactional email (verification, team invitations, billing notices) | Recipient email address, transactional message content | United States | Standard Contractual Clauses (SCCs) |
| OVH SAS | Contact / waitlist form email; domain-name registrar | Name, email and message submitted in the form; DNS records | France (Roubaix) | Hosting and processing within the EU |
| Sentry | Error & incident monitoring (optional) | Error events, technical stack traces | EU ingestion (de.sentry.io) | EU ingestion region · SCCs |
Notification and objection
We update this list before adding or replacing any sub-processor. To be notified of changes, email contact@filarr.com. A business customer may object to a new sub-processor; if we cannot accommodate the objection, the customer may terminate the affected service.
Reminder: for file content, end-to-end encryption means no sub-processor — including the storage host — has access to the plaintext.