Skip to content

Sub-processors

To deliver the PostStack service, MICCI engages the following third parties as sub-processors under GDPR Article 28. This list is authoritative and is updated whenever the set of sub-processors changes.

Hetzner Online GmbH

Finland (EU)

Primary infrastructure provider. Hosts all application servers, databases, mailbox storage, SMTP relay, backups, and logging in the Helsinki (hel1) region. All customer email content and metadata is processed and stored exclusively on Hetzner infrastructure.

View DPA / Privacy Policy →

Stripe Payments Europe, Ltd.

Ireland (EU)

Payment processing for paid plans. Receives billing contact details (name, email, address), invoice amounts, and payment method metadata. Does not receive customer email content, recipient lists, or message metadata.

View DPA / Privacy Policy →

GitHub, Inc.

United States

Optional OAuth sign-in provider. Only invoked when an individual user explicitly chooses "Sign in with GitHub" — we then receive profile name, email, and avatar URL for that user. Not used for any customer email data; not engaged unless the user opts in.

Transfer mechanism: Standard Contractual Clauses + EU-US Data Privacy Framework

View DPA / Privacy Policy →

Change log

  • 2026-04-07Initial published list: Hetzner, Stripe, Cloudflare, GitHub.
  • 2026-05-07Hetzner location corrected to Finland (Helsinki / hel1) — same legal entity (Hetzner Online GmbH, DE), no change of sub-processor or jurisdiction. The previous "Germany (EU)" label inherited the entity country; the production server has always been in Helsinki.
  • 2026-05-18Cloudflare, Inc. removed from the sub-processor list. Cloudflare is not in the PostStack data path: DNS for poststack.dev is served by our own authoritative nameservers, web and API traffic is served directly from the Helsinki cluster (no Cloudflare proxy or CDN), and SMTP / IMAP / inbound mail terminate directly on the host. The earlier listing was inherited from a previous deployment and was inaccurate. Cloudflare remains available as an optional customer-side DNS integration (customers who run their own DNS at Cloudflare can authorise PostStack to write SPF/DKIM/DMARC records via their own API token); in that arrangement Cloudflare is the customer's sub-processor, not ours.

Questions about this list? Contact privacy@poststack.dev. See also our Privacy Policy and Terms of Service.