Sub-processor Registry - Shortnd URL Shortener

Last Updated: September 1, 2025 • Subscribe to change alerts: https://shortnd.com/subprocessors

This page lists third‑party Sub‑processors authorized to process personal data on behalf of customers, with regions and transfer safeguards.

Vendor	Service	Region(s)	Transfer Mechanism	DPF/SCC	Purpose
DigitalOcean	Cloud Infrastructure & Hosting	US/EU/Global	SCCs	N/A	Primary hosting infrastructure
Cloudflare	CDN, WAF, Bot Mitigation	Global	SCCs/DPF	Yes	Security & content delivery
PostgreSQL	Database (Self-hosted on DigitalOcean)	US/EU	SCCs	N/A	Primary data storage
Redis	Cache (Self-hosted on DigitalOcean)	US/EU	SCCs	N/A	Performance caching
Mixpanel	Product Analytics	US/EU	SCCs/DPF	Yes	Product usage analytics
PostHog	Product Analytics & Session Replay	US/EU	SCCs	N/A	Product analytics & feature flags
Google Analytics 4	Web Analytics	Global	SCCs	N/A	Marketing & SEO analytics
Google Search Console	SEO Analytics	Global	SCCs	N/A	Search performance monitoring
Google Cloud Platform	Cloud Services (GSC API)	Global	SCCs	N/A	Search Console API access
Resend	Email Delivery	US/EU	SCCs	N/A	Transactional emails
Clerk.dev	Authentication & User Management	US/EU	SCCs/DPF	Yes	User authentication & identity
Sentry	Error Tracking & Performance	US/EU	SCCs	N/A	Error monitoring & debugging
Stripe	Payment Processing	US/EU	DPF + SCCs	Yes	Billing & payments
Paystack	Payment Processing	Africa	SCCs	N/A	Billing & payments (Africa)
MaxMind	GeoIP Data	US	SCCs	N/A	Geolocation services
Slack	Team Notifications	US/EU	SCCs	N/A	Internal communications

Notes

We evaluate vendors for security posture, privacy controls, and transfer safeguards.
Material changes will be posted 30 days in advance where feasible.
Enterprise customers may request additional details or DPAs.
All sub-processors are bound by data protection terms no less protective than our DPA.
Transfer mechanisms: SCCs (Standard Contractual Clauses), DPF (EU-US Data Privacy Framework).

Last Updated: September 1, 2025 • Subscribe to change alerts: https://shortnd.com/subprocessors

This page lists third‑party Sub‑processors authorized to process personal data on behalf of customers, with regions and transfer safeguards.

Vendor	Service	Region(s)	Transfer Mechanism	DPF/SCC	Purpose
DigitalOcean	Cloud Infrastructure & Hosting	US/EU/Global	SCCs	N/A	Primary hosting infrastructure
Cloudflare	CDN, WAF, Bot Mitigation	Global	SCCs/DPF	Yes	Security & content delivery
PostgreSQL	Database (Self-hosted on DigitalOcean)	US/EU	SCCs	N/A	Primary data storage
Redis	Cache (Self-hosted on DigitalOcean)	US/EU	SCCs	N/A	Performance caching
Mixpanel	Product Analytics	US/EU	SCCs/DPF	Yes	Product usage analytics
PostHog	Product Analytics & Session Replay	US/EU	SCCs	N/A	Product analytics & feature flags
Google Analytics 4	Web Analytics	Global	SCCs	N/A	Marketing & SEO analytics
Google Search Console	SEO Analytics	Global	SCCs	N/A	Search performance monitoring
Google Cloud Platform	Cloud Services (GSC API)	Global	SCCs	N/A	Search Console API access
Resend	Email Delivery	US/EU	SCCs	N/A	Transactional emails
Clerk.dev	Authentication & User Management	US/EU	SCCs/DPF	Yes	User authentication & identity
Sentry	Error Tracking & Performance	US/EU	SCCs	N/A	Error monitoring & debugging
Stripe	Payment Processing	US/EU	DPF + SCCs	Yes	Billing & payments
Paystack	Payment Processing	Africa	SCCs	N/A	Billing & payments (Africa)
MaxMind	GeoIP Data	US	SCCs	N/A	Geolocation services
Slack	Team Notifications	US/EU	SCCs	N/A	Internal communications

We evaluate vendors for security posture, privacy controls, and transfer safeguards.
Material changes will be posted 30 days in advance where feasible.
Enterprise customers may request additional details or DPAs.
All sub-processors are bound by data protection terms no less protective than our DPA.
Transfer mechanisms: SCCs (Standard Contractual Clauses), DPF (EU-US Data Privacy Framework).

Last Updated: September 1, 2025 • Subscribe to change alerts: https://shortnd.com/subprocessors

This page lists third‑party Sub‑processors authorized to process personal data on behalf of customers, with regions and transfer safeguards.

Vendor	Service	Region(s)	Transfer Mechanism	DPF/SCC	Purpose
DigitalOcean	Cloud Infrastructure & Hosting	US/EU/Global	SCCs	N/A	Primary hosting infrastructure
Cloudflare	CDN, WAF, Bot Mitigation	Global	SCCs/DPF	Yes	Security & content delivery
PostgreSQL	Database (Self-hosted on DigitalOcean)	US/EU	SCCs	N/A	Primary data storage
Redis	Cache (Self-hosted on DigitalOcean)	US/EU	SCCs	N/A	Performance caching
Mixpanel	Product Analytics	US/EU	SCCs/DPF	Yes	Product usage analytics
PostHog	Product Analytics & Session Replay	US/EU	SCCs	N/A	Product analytics & feature flags
Google Analytics 4	Web Analytics	Global	SCCs	N/A	Marketing & SEO analytics
Google Search Console	SEO Analytics	Global	SCCs	N/A	Search performance monitoring
Google Cloud Platform	Cloud Services (GSC API)	Global	SCCs	N/A	Search Console API access
Resend	Email Delivery	US/EU	SCCs	N/A	Transactional emails
Clerk.dev	Authentication & User Management	US/EU	SCCs/DPF	Yes	User authentication & identity
Sentry	Error Tracking & Performance	US/EU	SCCs	N/A	Error monitoring & debugging
Stripe	Payment Processing	US/EU	DPF + SCCs	Yes	Billing & payments
Paystack	Payment Processing	Africa	SCCs	N/A	Billing & payments (Africa)
MaxMind	GeoIP Data	US	SCCs	N/A	Geolocation services
Slack	Team Notifications	US/EU	SCCs	N/A	Internal communications

We evaluate vendors for security posture, privacy controls, and transfer safeguards.
Material changes will be posted 30 days in advance where feasible.
Enterprise customers may request additional details or DPAs.
All sub-processors are bound by data protection terms no less protective than our DPA.
Transfer mechanisms: SCCs (Standard Contractual Clauses), DPF (EU-US Data Privacy Framework).