Partikl

Pricing

Docs

Legal

Sub-processor List

Third-party services that process customer data on behalf of Partikl.

Last updated: April 7, 2026

v1.1

·

Updated April 7, 2026

v1.1

Effective April 7, 2026

·

Governed by Georgia law

ℹ️

This page lists all third-party sub-processors engaged by Partikl to process personal data on your behalf. It is maintained as an annex to our Data Processing Agreement and updated whenever sub-processors are added, changed, or removed — with 30 days advance notice for additions and material changes.

1. What is a Sub-processor?

A sub-processor is a third-party entity that Partikl engages to process personal data as part of delivering the Service, where Partikl acts as the processor on your behalf.

This list does not cover:

  • Your content data processed by you — you are the data controller
  • Third-party addons you choose to enable — those providers act under their own terms when you explicitly authorize them; see §3.5
  • BYOS providers you configure — you engage them directly as a sub-processor of your own; see §5
  • Partikl employees — covered by employment agreements and internal policies

We conduct due diligence on all sub-processors including review of their security certifications, DPA terms, and data transfer mechanisms before engagement.

2. Data Residency Options

ℹ️

Your data residency preference

Your data is stored in EU-based infrastructure by default. During registration, you can select your preferred region — EU or US — based on your operational needs. This setting can also be changed later in your account settings. Enterprise accounts may request custom data residency configurations, including private self-hosted deployments. Your current data residency setting is always visible in your account dashboard.

ConfigurationDescriptionAvailability
EU-based (default)All data stored and processed in EU (Hetzner/BunnyCDN). CDN edge delivery globally.All plans
US-basedAll data stored and processed in US (Vultr/DigitalOcean). CDN edge delivery globally.Coming Soon
Custom / BYOSYou provide your own storage endpoint. Partikl processes only; you store.Team, Enterprise
Self-hostedFull self-hosted deployment on your infrastructure.Enterprise

For EU-primary accounts: all sub-processors in §3 apply. For US-primary accounts: additional US-region processors may apply — contact privacy@partikl.io for the US-specific list.

3. Current Sub-processors

3.1 Infrastructure & Compute

Infrastructure & Compute

ProcessorPurposeData TypesLocationJurisdiction
DigitalOcean, LLC

Primary application servers — API layer, pipeline processing workers, background job execution, WebUI hosting

Account data, API keys (hashed/salted), usage metadata, pipeline job records, processed asset metadata, application logs (PII-scrubbed)

Frankfurt, Germany (FRA1), Amsterdam, Netherlands (AMS3) — EU primary

🇺🇸 United States (SCCs for EU transfers)

The Constant Company, LLC (Vultr)

Database infrastructure — primary metadata store, analytics store, distributed block storage for fail-tolerant multi-node database cluster

Asset metadata, namespace configuration, pipeline definitions, encrypted KEK references, access logs (hashed identifiers), usage counters

Amsterdam, Netherlands, Frankfurt, Germany, Warsaw, Poland — EU primary

🇺🇸 United States (SCCs for EU transfers)

Backblaze, Inc.

Primary object storage (B2, S3-compatible) — storage of all processed media variants, original assets, and pipeline output files

Customer media assets (all variants: thumb, index, original), stored encrypted at application layer before upload. Backblaze receives only ciphertext — never plaintext content.

Amsterdam, Netherlands (EU)

🇺🇸 United States (SCCs for EU transfers, data physically in NL)

3.1 Email And Marketing

Email And Marketing

ProcessorPurposeData TypesLocationJurisdiction
Migadu AG

Transactional email delivery — account registration confirmations, password reset, billing notifications, legal notices (sub-processor change alerts, DPA confirmations)

Recipient email address, account name, email content (account status and billing information only). Delivery metadata (sent/bounced status). Open tracking: disabled.

Zürich, Switzerland

🇨🇭 Switzerland (EU adequacy decision)

3.2 Content Delivery Network & Edge

CDN & Edge Delivery

ProcessorPurposeData TypesLocationJurisdiction
BunnyWay d.o.o. (bunny.net)

Global edge delivery of processed media variants — CDN pull zone caching, anycast routing, edge delivery of pipeline output files

Processed asset content (encrypted in transit via TLS 1.3), anonymized delivery logs (IP truncated to /24 prefix), cache hit/miss metrics, request path and response headers

Headquarters: Ljubljana, Slovenia (EU). Edge PoPs: 119 locations globally including EU, US, Asia, South America

🇸🇮 Slovenia (GDPR) — SCCs for non-EU edge PoPs

3.3 Additional S3 Providers (BYOS)

ℹ️

BYOS — Bring Your Own Storage

Partikl supports any S3-compatible storage provider configured by you via BYOS. These providers are not Partikl sub-processors — you engage them directly. See §5 for BYOS configuration and your responsibilities.

3.4 GPU Processing & AI Inference

ℹ️

Self-hosted AI processing

Core AI addon processing (background removal, upscaling, object detection, similarity search, auto-moderation) runs on Partikl-operated GPU infrastructure. Your content is processed on infrastructure we control — not forwarded to third-party AI APIs unless you explicitly enable an external addon that discloses its provider.

GPU Processing & AI Inference

ProcessorPurposeData TypesLocationJurisdiction
Partikl (self-hosted GPU inference)

AI addon processing — image background removal, upscaling/denoising, object detection, similarity embeddings, auto-moderation (safety classification), alt-text generation

Asset content passed to enabled addon only: image frames, audio segments, video clips, or document pages. Processing is transient — input is not retained after inference. Output (labels, embeddings, generated text) stored as variant metadata.

EU-primary GPU infrastructure

EU (same region as account data residency)

⚠️

External AI provider addons

The following sub-processors are engaged only when a user explicitly enables the specific addon identified below. Each addon's marketplace listing identifies its provider before enablement.

GPU Processing & AI Inference (External — Conditional)

ProcessorPurposeData TypesLocationJurisdiction
Anthropic, PBC

CONDITIONAL: Large language model inference — document analysis, content understanding, structured metadata extraction addons (when Anthropic-powered addon is enabled by user)

Document content or image description passed to model API. Retention: per Anthropic API policy (zero data retention available on API tier). No training on API data per Anthropic policy.

United States

🇺🇸 United States (SCCs for EU transfers)

RunPod, Inc.

CONDITIONAL: Burst GPU capacity — on-demand GPU inference for high-load periods when self-hosted capacity is insufficient

Media asset content for inference job only. Ephemeral — not retained after job completion.

United States / EU (datacenter selectable)

🇺🇸 United States (EU datacenter option available)

3.5 Observability & Monitoring

Analytics & Observability (Self-hosted)

ProcessorPurposeData TypesLocationJurisdiction
Umami (self-hosted by Partikl)

Privacy-first website analytics — cookieless page view counting, referrer tracking, feature usage events on partikl.io

Page URL, referrer domain, browser type, OS type, screen resolution, country (derived from IP — IP not stored). No persistent identifiers. No cookies. No cross-site tracking.

Partikl-operated infrastructure — EU

🇪🇺 EU (same region as primary compute)

Uptime Kuma (self-hosted by Partikl)

Internal service availability monitoring and public status page (status.partikl.io)

Service endpoint response times and HTTP status codes only. No customer data processed.

Partikl-operated infrastructure — EU

🇪🇺 EU

Internal log aggregation (self-hosted)

Application error logging, API access logs, security event logging, pipeline execution traces

API endpoint paths, HTTP status codes, response times, pipeline job IDs, error codes. User IDs stored as HMAC-SHA256 hashes. IP addresses truncated to /24. No request body content logged.

Partikl-operated infrastructure — EU

🇪🇺 EU

3.6 User-Submitted Addons & External API Integrations

⚠️

User-configured addon sub-processors

Partikl supports a third-party addon ecosystem where users and developers can register custom addons via the Addon API. When you enable a user-submitted or third-party addon, that addon's provider becomes a sub-processor acting under your direction — not under Partikl's DPA.

Before enabling any third-party addon, review:

  • The addon's listed data processor and privacy policy
  • What data is sent to the addon (declared in addon manifest)
  • The addon's data retention policy
  • Whether the addon provider is in an adequate jurisdiction for your compliance requirements

Third-Party & User-Submitted Addons

ProcessorPurposeData TypesLocationJurisdiction
Third-party addon provider (identified per addon listing)

Addon-specific processing as declared in the addon manifest — image transformation, AI inference, metadata enrichment, format conversion, or other pipeline operations

Only the specific asset content or metadata scopes declared in the addon manifest. Partikl enforces declared scope at the API gateway level — addons cannot access data beyond their declared manifest.

Disclosed in addon marketplace listing — varies by provider

Disclosed in addon listing

3.7 Payment Processing & Billing

Billing & Payments

ProcessorPurposeData TypesLocationJurisdiction

Georgian payment processor

Payment processing and subscription billing — initial launch processor for card payments and recurring subscriptions

Billing name, email address, payment method details (card last 4, expiry), billing address, transaction records, subscription status

Georgia (Tbilisi)

🇬🇪 Georgia

4. Data Transfer Mechanisms

For sub-processors located outside the EEA, we ensure compliance with GDPR Chapter V requirements:

Transfer BasisApplied To
Processing within EU onlyInfrastructure is EU Only (all services) — no transfer
EU-headquartered, global CDNBunnyCDN — EU HQ + SCCs for non-EU edge nodes
Standard Contractual Clauses (SCCs)Payment processing provided by a licensed Georgian
payment service provider, future non-EU processors
Self-hostedUmami, Uptime Kuma, logs — no third-party transfer
ℹ️

We maintain a Transfer Impact Assessment (TIA) for all SCCs-based transfers. Enterprise customers may request copies of our TIAs and executed SCCs via privacy@partikl.io.

5. BYOS — Bring Your Own Storage

When you configure BYOS, your storage provider is not a Partikl sub-processor. You engage them as a data controller in your own right.

Your responsibilities with BYOS:

  • Execute your own DPA with your storage provider
  • Ensure compliance with data transfer rules applicable to your jurisdiction
  • Configure access controls and encryption on your storage bucket
  • Ensure your BYOS provider's security meets your compliance requirements

Partikl's role with BYOS:

  • We write processed output to your bucket via your provided credentials
  • We do not retain copies of content stored in your BYOS
  • Your credentials are stored encrypted and used only for storage operations

Common BYOS providers (not Partikl sub-processors):

ProviderHQGDPR DPAData RegionNotes
Hetzner Object Storage🇩🇪 GermanyYesDE, FIRecommended for EU compliance
Backblaze B2🇺🇸 USYesNetherlands, USSCCs required for EU transfers
AWS S3🇺🇸 USYesEU-West, EU-CentralAWS DPA + SCCs
Cloudflare R2🇺🇸 USYesEU availableNo egress fees
Wasabi🇺🇸 USYesEU-Central-1
MinIO or Garage (self-hosted)Your infraN/AYour controlFull control

6. Addon Provider Requirements

All addon providers listed on the Partikl marketplace must:

  1. Execute a Data Processing Agreement with Partikl
  2. Disclose data residency and transfer mechanisms
  3. Maintain appropriate security certifications
  4. Accept deletion requests within 30 days of addon disablement
  5. Not use customer content for model training without explicit user consent
  6. Provide privacy policy URL in their marketplace listing

Partikl may remove an addon from the marketplace if a provider fails to maintain these requirements.

7. Sub-processor Changes

Adding New Sub-processors

We provide 30 days advance notice via:

  • Email to account owner and designated privacy contact
  • This page (new processor listed as "Upcoming" with effective date)
  • Dashboard notification for accounts with active DPA

Objection Process

To object to a new sub-processor on data protection grounds:

  1. Email privacy@partikl.io within 20 days of notice
  2. Subject line: Sub-processor Objection: [Processor Name]
  3. Include your specific data protection concern and account ID
  4. We respond within 10 business days

If we cannot accommodate your objection and you cannot continue using the Service, you may terminate with pro-rata credit for unused prepaid fees. This is your sole remedy for sub-processor objections under Art. 28(2) GDPR.

Removing Sub-processors

Removal is effective immediately. This page is updated and a changelog entry is created. No advance notice is required for removals.

8. Changelog

Material changes to this list are logged in our Legal Changelog.

DateChangeTypeNotice Sent
2026-04-07Initial sub-processor list publishedInitialN/A

Upcoming changes will appear here 30 days before effective date.

9. Contact

PurposeContact
Accept standard DPADashboard → Settings → Legal → DPA
DPA questions / custom DPA (Enterprise)privacy@partikl.io
Sub-processor objectionprivacy@partikl.io — subject: "Sub-processor Objection"
Transfer Impact Assessment requestsprivacy@partikl.io
General privacy questionsprivacy@partikl.io

Last updated: April 7, 2026 (v1.1)
Legal Changelog · Privacy Policy · DPA

All systems operational

99.98% uptime

Status page

Partikl

© 2026 Partikl. All rights reserved.

Phone Number: +995 599 136 221

Move with ❤️ in Georgia

PrivacyTermsDMCAGDPR

GDPR Compliant

CCPA Ready

Data processed in EU / US regions

End-to-end encryption