Sub-processors.
Full list of third parties that may process Controller personal data on Beamprobe's behalf. We give 30 days' notice before adding a new sub-processor.
Last updated: 15 May 2026 · Version 1.0
| Sub-processor | Purpose | Data accessed | Region | DPA |
|---|---|---|---|---|
| Cloudflare R2 Cloudflare, Inc. |
Encrypted object storage for documents, page renders, and exports | Encrypted document blobs (AES-256). No metadata. | EU jurisdiction | View |
| Cloudflare CDN + WAF |
DDoS protection, TLS termination, edge caching of public marketing pages | IP address, user agent, request metadata | Global edge, EU-routed | View |
| Hetzner Hetzner Online GmbH |
Application server + Postgres database hosting | All Controller data at rest (encrypted volumes) | Germany (Falkenstein) | View |
| Resend Resend, Inc. |
Transactional email delivery (room invites, signup verification, password resets) | Recipient email address, message body | EU (Frankfurt region) | View |
| Stripe Stripe Payments Europe Ltd |
Payment processing for paid subscriptions | Billing email, card last 4, billing address. No card numbers stored by Beamprobe. | Ireland + EU | View |
| Anthropic Anthropic PBC (AI room chat only) |
LLM inference for the optional AI room chat feature | Document chunks selected by the chat query + the question text. No training on Controller data. | EU API endpoint where available | View |
| Plausible Plausible Insights OÜ (marketing site only) |
Privacy-friendly analytics for marketing pages (no cookies, no PII) | Aggregated visit counts only. No IP storage, no user identifiers. | Estonia (EU) | View |
Notification of new sub-processors
Beamprobe gives 30 days' written notice before engaging any new sub-processor. Customers can subscribe to sub-processor change notifications by emailing [email protected]. If a customer objects to a new sub-processor, they may terminate the affected service within 30 days for a pro-rata refund.
No US data transfer
Controller documents are stored on Cloudflare R2 in EU jurisdiction and on Hetzner servers in Germany. No personal data is transferred to the United States in the ordinary course of providing the Services. Anthropic API calls (AI room chat, optional feature) use the EU endpoint where available.
Questions
Email [email protected] for a counter-signed sub-processor list, an enterprise DPA with custom terms, or details of our security controls. We answer within 2 working days.