Legal
Subprocessors
Third parties that process data on behalf of Clavitor. All are GDPR-compliant and contractually bound to data protection standards equivalent to our own.
Last updated: June 21, 2026
Clavitor is built to keep serving you regardless of any single provider, region, or vendor failing. We deliberately spread trust across independent companies, jurisdictions, and ownership chains — and cut every dependency we can. Where a provider is load-bearing, it has a fail-over that shares nothing with it: no common owner, country, or network. The breadth of this list is the point — engineered redundancy, not vendor sprawl.
- Central-I and Central-II share nothing — Leaseweb (Amsterdam, Dutch-owned) and ABLENET (Osaka, Japanese-owned) have no common provider, geography, or failure domain.
- Outgoing email fails over — Google handles primary delivery of your six-digit verification codes, with Proton as an independent backup, so codes still reach you if one is down.
- Your vault is replicated — stored encrypted at the POP nearest you, with backups to geographically distant POPs.
Clavitor operates 21 Points of Presence (POPs) across six continents. Your vault data is stored encrypted at the POP nearest to you, with backups to geographically distant POPs for resilience. See the Looking Glass for the complete list of POPs with locations and latency.
| Provider | POPs | Scope | Data type | Certifications |
|---|---|---|---|---|
| Amazon Web Services, Inc. 410 Terry Ave N, Seattle, WA, USA | 16 | Primary provider for most regions | Encrypted vault data, metadata, logs | SOC 2 Type II, ISO 27001, GDPR |
| Webrain OÜ (is*hosting) Tallinn, Estonia | 4 | Istanbul, Almaty, Bogotá, Dubai | Encrypted vault data — regional POPs | Regional compliance |
| SiteHUB Agency Ltd Unit 6, Royal Pine Estate, Orchid Road, Lekki, Lagos, Nigeria | 1 | Lagos | Encrypted vault data — regional POP | Regional compliance (Rack Centre, Lagos) |
| Leaseweb Netherlands B.V. Luttenbergweg 8, 1101 EC Amsterdam, Netherlands | -- | Central-I (primary) | Administrative operations, billing infrastructure | ISO 27001, PCI DSS, SOC 1, GDPR |
| K&K Corporation (ABLENET) 5-14-10 Nihonbashi, Naniwa-ku, Osaka 556-0005, Japan | -- | Central-II (fail-over) | Administrative operations, billing infrastructure (fail-over) | Regional compliance |
| Cloudflare, Inc. 101 Townsend Street, San Francisco, CA, USA | -- | Global DNS resolution | Domain resolution only — no vault data | SOC 2 Type II, ISO 27001, GDPR |
| Provider | Function | Data processed | Certifications |
|---|---|---|---|
| Paddle.com Market Ltd Judd House, 18-29 Mora Street, London, UK | Subscription billing, payment processing | Payment method (tokenized), billing address, invoice data | PCI DSS Level 1, SOC 2 Type II, GDPR |
| Provider | Function | Data processed | Certifications |
|---|---|---|---|
| Google LLC 1600 Amphitheatre Parkway, Mountain View, CA, USA | Transactional email — primary (six-digit verification codes, vault notifications) | Email address, one-time verification codes, vault-related notifications | ISO 27001, SOC 2 Type II, GDPR |
| Proton AG Route de la Galaise 32, Plan-les-Ouates, Geneva, Switzerland | Transactional email — independent fail-over | Email address, one-time verification codes, vault-related notifications | GDPR, Swiss FADP |
| Cloudflare, Inc. 101 Townsend Street, San Francisco, CA, USA | DNS resolution | Domain queries only — no vault data ever touches Cloudflare | SOC 2 Type II, ISO 27001, GDPR |
We deliberately avoid common subprocessors that compromise privacy:
- No Google tracking or embeds: No Analytics, no Fonts, no reCAPTCHA, no Firebase — Google is used only for outbound transactional email, never tracking and never embedded in the product
- No Meta/Facebook: No tracking pixels, no social plugins
- No third-party CDNs: All assets served from our own POPs (Cloudflare is DNS-only, never proxy/CDN)
- No marketing platforms: No Mailchimp, HubSpot, or similar
- No cloud logging: Logs stay within our infrastructure
We notify all active subscribers 30 days before adding any new subprocessor. For critical security updates, shorter notice may apply with immediate notification.
Last updated: June 21, 2026