Sub-processors

Last updated: 12 July 2026

Ziyara.io uses the following sub-processors to provide the service. This list is referenced by our Data Processing Agreement. We inform agency customers at least 14 days before adding or replacing a sub-processor that processes pilgrim data.

Sub-processor Purpose Data processed Location Transfer safeguard
Hetzner Online GmbH Application & database hosting All service data Germany (EU) EU — not applicable
Amazon Web Services EMEA SARL (S3) File storage (documents, passport scans, photos, posters) Uploaded files Frankfurt, Germany (eu-central-1) EU region; SCCs for support access
Brevo (Sendinblue SAS) Transactional & campaign e-mail delivery E-mail addresses, message content France (EU) EU — not applicable
Infobip Ltd. SMS & WhatsApp message delivery Phone numbers, message content EU (HQ Croatia); global carrier network for delivery SCCs where routed outside the EEA
Google Ireland Ltd. (Firebase Cloud Messaging) Push notifications to the mobile app Device tokens, notification content EU/US SCCs / EU–US Data Privacy Framework
Functional Software, Inc. (Sentry) Error monitoring & diagnostics Technical error data (no pilgrim record content) US SCCs / EU–US Data Privacy Framework
Cloudflare, Inc. (Turnstile) Bot protection on public forms IP address, browser signals (website visitors only) Global (EU/US) SCCs / EU–US Data Privacy Framework
tawk.to Inc. Live chat on the marketing website Chat messages, visitor metadata (website visitors only — no pilgrim data) US SCCs

Independent controllers (not sub-processors)

Paddle.com Market Limited (UK) acts as our Merchant of Record: Paddle sells the subscription to the agency, processes payments, and remits applicable taxes. For payment and billing data Paddle acts as an independent data controller under its own privacy policy. Paddle never receives pilgrim data.

Changes to this list

We notify agency customers by e-mail or in-app notice at least 14 days before a new sub-processor processes pilgrim data. Questions: info@ziyara.io


See also: Data Processing Agreement · GDPR & Data Protection · Privacy Policy