Sub-processors
Every vendor that processes customer data.
We list every sub-processor that touches customer data — what it does, where the data sits, and the DPA status. We email customers 30 days before any sub-processor change takes effect so you have time to update your DORA / NIS2 mapping.
Last updated: 2026-05-10. Discrepancies between this page and our DPA are corrected here first; the DPA appendix is updated quarterly or whenever we add or remove a sub-processor.
Current list
13 active sub-processors
| Vendor | Location | Function | Data accessed | DPA |
|---|---|---|---|---|
| Exoscale (A1 Group) | Zürich, CH (CH-DK-2) | Compute — EU region. VMs running the parsr API + parser workers. | All EU-region document content in flight + memory during processing | Signed |
| Hetzner Online | Ashburn, VA, USA | Compute — US region. VMs running the parsr API + parser workers. | All US-region document content in flight + memory | Signed |
| Cloudflare R2 | EU (jurisdiction='eu') / US | Object storage — uploaded PDFs and parsed JSON results | Document blobs; encrypted at rest | Signed |
| Cloudflare (edge) | EU + US POPs | Edge proxy — TLS termination, WAF, DDoS protection | Request headers + body in transit; payloads are TLS-terminated at the regional origin | Signed |
| Neon | EU (Frankfurt) / US | Postgres — control plane (orgs, users, API keys, jobs, usage) | Account metadata + job records. No document content stored in Postgres. | Signed |
| Stripe | EU + US (Stripe EU for EU customers) | Billing, payment processing, subscription management | Customer billing details only — no document content | Signed |
| Anthropic | Routed via EU + US Bedrock endpoints | LLM inference (Claude) — the extraction model behind every parse | Document text only (the rasterised page images are sent to the LLM); no metadata beyond what's printed on the document itself | Signed · Zero Data Retention available on Scale + Enterprise tiers |
| WorkOS | US (with EU residency option for Enterprise) | Authentication — SSO, MFA, passkey, magic link, password reset | Email, password hash, auth metadata only — no document content | Signed |
| Resend | EU + US (sender domain on EU routing) | Transactional email — verification, password reset, magic link, billing receipts | Email address + email body content | Signed |
| Sentry (sentry.io EU) | EU (sentry.io EU) | Error monitoring on the API + dashboard | Stack traces, request IDs, exception class names. PII (API keys, emails, document content) is filtered server-side via Sentry's EU project filters. | Signed |
| PostHog (EU) | Frankfurt, DE (eu.posthog.com) | Product analytics on the operator dashboard at app.tryparsr.dev | Dashboard click events keyed by org_id (e.g. "clicked Generate API key"). Never document content. | Signed |
| Better Stack | EU (logs.betterstack.com EU) | Log aggregation, uptime monitoring, public status page (status.tryparsr.dev) | Structured application logs (PII scrubbed at the structlog layer). No document content. | Signed |
| Plausible Analytics | Frankfurt, DE | Privacy-respecting site analytics on tryparsr.dev (the marketing site) | Anonymous page views — no cookies, no fingerprints, no PII | Signed |
EU residency notes
Where EU customer data actually goes
- Exoscale (A1 Group)
EU customers' compute lands here exclusively.
- Hetzner Online
US customers only.
- Cloudflare R2
EU customers' R2 bucket carries jurisdiction='eu' (data residency, not just locality).
- Neon
EU control-plane data lives in the Neon EU project.
The deeper EU-sovereignty walkthrough (DORA / NIS2 / BSI C5 alignment, jurisdiction='eu' on R2, no US-jurisdiction processor in the EU compute path) lives at /eu.
Change notification
How we tell you about changes
When we add, remove, or change a sub-processor, we email every customer 30 days before the change takes effect. The email includes the vendor name, location, function, what data they'll access, and the option to object — if you object on a specific sub-processor, we'll work with you to find an alternative or, in the worst case, terminate the contract with a pro-rata refund.
Subscribe to the dedicated change feed at /changelog (RSS available) to track these changes alongside other API revisions.