Version 1.0.0 — Last updated May 20, 2026
Within the meaning of article 28 of Regulation (EU) 2016/679 (“GDPR”), Cardonaut SAS engages the sub-processors listed below to deliver its Services. Any update is notified on this page before it goes live.
Transfers outside the EU: when a sub-processor is located outside the European Union, transfers are governed by the Standard Contractual Clauses adopted by the European Commission (decision 2021/914) and, for certified US sub-processors, by the Data Privacy Framework (EU-US DPF).
Security: each sub-processor provides sufficient contractual guarantees under article 28(3) GDPR (DPA, encryption in transit and at rest, logging, organisational measures).
| Sub-processor | Service | Location | Transfer mechanism |
|---|---|---|---|
| Hetzner Online GmbH | Back-end hosting (NestJS), MongoDB database, Meilisearch, AI services, monitoring | Germany (EU) | EU hosting — no transfer outside the EU |
| Stripe Payments Europe, Ltd. | Card payment processing (shop checkout) | Ireland (EU) — onward flows to Stripe Inc. (United States) | Standard Contractual Clauses (SCCs) + Data Privacy Framework (DPF) |
| Mondial Relay SAS | Parcel-locker and home delivery (order fulfilment) | France (EU) | EU sub-processor — no transfer outside the EU |
| Apple Distribution International Ltd | iOS app distribution, in-app purchases, receipt validation | Ireland (EU) — limited flows to Apple Inc. (United States) | SCCs + DPF |
| Google Ireland Limited | Android app distribution, Firebase Cloud Messaging (push notifications), Firebase Analytics | Ireland (EU) — onward flows to Google LLC (United States) | SCCs + DPF |
| Anthropic, PBC | Cardo IA conversational assistant (Claude Sonnet/Opus) — processing of user messages and contexts | United States | SCCs |
| Google LLC (Gemini API) | Card OCR (text extraction) inside the scan pipeline, user-facing hint generation | United States | SCCs + DPF |
| OpenAI, L.L.C. | Vector embeddings (Cardo IA hybrid search) — user prompts not retained on OpenAI side | United States | SCCs + DPF |
| RevenueCat, Inc. | In-app subscription management (legacy — the app has been free since April 2026) | United States | SCCs + DPF |
| GlitchTip (self-hosted on Hetzner) | Crash and error reporting (open-source equivalent of Sentry) | Germany (EU) — self-hosted instance | No transfer outside the EU |
| Grafana Loki (self-hosted on Hetzner) | Server log centralisation | Germany (EU) — self-hosted instance | No transfer outside the EU |
| Logto | Authentication for the staff back-office (not used for mobile user accounts) | EU | No transfer outside the EU |
| Discord, Inc. | Monitoring alert webhooks to the staff channel (no user data — technical metadata only) | United States | SCCs + DPF |
Change notification: any addition or material change to a sub-processor is published on this page at least fifteen (15) days before it takes effect. Users may raise a substantiated objection by writing to [email protected].
Questions: for any question about sub-processors or international data transfers, please contact [email protected].