Start Free TrialIn accordance with GDPR requirements, we maintain this list of third-party service providers (subprocessors) that process data on behalf of StatusPage.me.
Last updated: December 2025
We carefully select service providers who meet high standards for security, privacy, and reliability. All subprocessors are bound by data processing agreements that require them to protect your data in accordance with GDPR and other applicable privacy laws.
Purpose: Payment processing, subscription management, and billing
Data Processed: Payment card information, billing details, transaction records, customer email
Location: United States πΊπΈ (PCI DSS Level 1 compliant)
Note: DodoPayments acts as the Merchant of Record. Payment card data is sent directly to DodoPayments and never touches our servers.
Purpose: Privacy-friendly, cookie-free web analytics
Data Processed: Anonymized page views, referrers, browser/OS info (no personal data)
Location: European Union πͺπΊ (GDPR, CCPA, PECR compliant)
Note: No cookies, no personal data collection. View our public stats at plausible.io/statuspage.me
Purpose: Customer support, help desk, and knowledge base
Data Processed: Support messages, customer email, conversation history
Location: Privacy-focused infrastructure
Note: Privacy-first support platform without invasive tracking
Purpose: Primary application hosting, database hosting, and monitoring infrastructure
Data Processed: All application data, customer accounts, databases, status pages, subscription data
Location: Germany π©πͺ (European Union) - GDPR compliant
Note: This is our primary hosting provider. All your account data and databases are stored in Germany (EU). We also use Contabo infrastructure in other regions exclusively for distributed monitoring checks.
Purpose: Multi-region uptime monitoring nodes (monitoring checks only, no customer data storage)
Data Processed: Monitoring check results, uptime metrics (no personal or account data)
Location: Multiple global regions (SOC 2 Type II, ISO 27001 certified)
Note: Used exclusively for distributed monitoring infrastructure. Does not store any customer account data or databases.
Purpose: Additional monitoring nodes (monitoring checks only, no customer data storage)
Data Processed: Monitoring check results, uptime metrics (no personal or account data)
Location: Multiple global regions (ISO 27001 certified)
Note: Used exclusively for geographic diversity in monitoring infrastructure. Does not store any customer account data or databases.
Purpose: European monitoring nodes (monitoring checks only, no customer data storage)
Data Processed: Monitoring check results, uptime metrics (no personal or account data)
Location: European Union πͺπΊ (GDPR compliant, ISO 27001, SOC 1 & 2 certified)
Note: Used exclusively for European-based monitoring infrastructure. Does not store any customer account data or databases.
Purpose: Transactional emails, notifications, alerts, incident updates
Data Processed: Email addresses, notification content, delivery logs
Location: Varies by SMTP provider configuration
Note: We use standard SMTP for email delivery. The specific SMTP provider may vary. We support self-hosted email infrastructure for privacy-conscious customers.
All subprocessors are bound by GDPR-compliant Data Processing Agreements (DPAs) that ensure your data is protected and processed lawfully.
All data transmitted to subprocessors is encrypted using TLS 1.2+. Data at rest is encrypted using industry-standard methods.
We regularly review our subprocessors' security practices and compliance certifications (SOC 2, ISO 27001, PCI DSS where applicable).
When data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place (Standard Contractual Clauses, adequacy decisions).
We may update this list of subprocessors from time to time as we add or remove service providers. Material changes will be communicated through:
Enterprise customers with specific notification requirements should contact us at hey@statuspage.me to arrange advance notice of subprocessor changes.
If you have questions about our data processing practices or need additional information about our subprocessors, please contact us.