InfoDefenders Sub-processors
Last updated: June 2026
InfoDefenders LLC ("InfoDefenders") uses the following third-party service providers ("Sub-processors") to process personal data on our behalf in connection with the InfoDefenders platform and marketing website.
This list applies to InfoDefenders's role as a Data Processor when processing Customer Data on behalf of Customer organizations, and as a Data Controller for account, billing, and marketing website data. Customers subject to GDPR may incorporate this list by reference into their Data Processing Agreement with InfoDefenders.
Current Sub-processors
| Sub-processor | Purpose | Data Processed | Location |
|---|---|---|---|
| Stripe, Inc. | Payment processing | Billing contact information, payment tokens, subscription metadata | United States |
| Resend, Inc. | Transactional email delivery | Email addresses, email message content | United States |
| Hetzner Online GmbH | Cloud infrastructure and hosting | All platform data (encrypted at rest) | United States |
| Anthropic, PBC | AI Risk Assessment Agent | Tool and vendor context, assessment inputs, web search queries | United States |
| Functional Software, Inc. (Sentry) | Error monitoring and diagnostics | Error logs, request metadata, stack traces | United States |
| Amazon Web Services, Inc. (S3) | Optional file storage | Uploaded organization logos and user avatars (when enabled) | United States |
| Cloudflare, Inc. | DNS, WAF, and TLS edge services | IP addresses, request metadata | United States |
| Google LLC (Tag Manager) | Marketing site tag management | Cookie and page interaction data (with consent) | United States |
| Google LLC (Analytics) | Marketing site usage analytics | Anonymized/pseudonymized usage data (with consent) | United States |
Sub-processor Agreements
InfoDefenders maintains data processing agreements or equivalent contractual protections with each Sub-processor listed above. Sub-processors are authorized to process personal data only to provide services to InfoDefenders and in accordance with our instructions.
International Transfers
Several Sub-processors are located in the United States. Where personal data is transferred from the European Economic Area, United Kingdom, or Switzerland, InfoDefenders relies on appropriate safeguards including Standard Contractual Clauses (SCCs) approved by the European Commission or other valid transfer mechanisms under applicable data protection law.
Changes to This List
InfoDefenders may add or replace Sub-processors from time to time. We will:
- Update this page with the current list and "Last updated" date
- Notify Customer Admins by email at least 30 days before engaging a new Sub-processor that processes Customer Data, where required by applicable law or the Customer's DPA
- Provide Customers the opportunity to object to a new Sub-processor as described in the DPA
Contact
Questions about Sub-processors or to request notification of changes:
InfoDefenders, LLC
For Data Processing Agreement requests, see infodefenders.com/legal/dpa.