DfenAI

Subprocessors

Last Updated: October 5, 2025

DfenAI uses certain third-party service providers ("Subprocessors") to assist in providing our threat intelligence platform. This page lists all Subprocessors that process customer data on behalf of DfenAI.

We maintain strict contracts with all Subprocessors to ensure they meet our security and privacy standards, including GDPR Article 28 requirements for data processing agreements.

Current Subprocessors

Hetzner Online GmbH

Infrastructure

Service: Cloud hosting infrastructure

Data Location: Germany (EU)

Purpose: Application hosting, database hosting, data storage

Certifications: ISO 27001, GDPR compliant

Website: hetzner.com

Stripe, Inc.

Payment Processing

Service: Payment processing and subscription billing

Data Location: United States (with EU data residency options)

Purpose: Process subscription payments, manage billing, handle payment card data

Certifications: PCI DSS Level 1, SOC 2 Type II, ISO 27001, GDPR compliant

Website: stripe.com

Mailgun Technologies, Inc.

Email Services

Service: Transactional email delivery

Data Location: European Union (EU infrastructure)

Purpose: Send security alerts, reports, notifications, and account emails

Certifications: GDPR compliant, SOC 2 Type II

Website: mailgun.com

Change Notification Policy

DfenAI will notify customers of any new Subprocessors or changes to existing Subprocessors at least 30 days in advance via:

  • Email notification to account administrators
  • Updates to this page with revision date
  • In-app notification for active users

Enterprise customers may object to new Subprocessors within the 30-day notice period. Contact security@dfen.ai to discuss alternatives.

Data Processing Agreements

All Subprocessors have executed Data Processing Agreements (DPAs) with DfenAI that include:

  • GDPR Article 28 compliance requirements
  • Security and confidentiality obligations
  • Data breach notification procedures
  • Data subject rights support
  • Audit rights and compliance verification
  • Data deletion and return upon termination

Questions or Concerns?

If you have questions about our Subprocessors, data processing practices, or need additional information for your privacy compliance requirements, please contact our security team:

Email: security@dfen.ai

Response Time: Within 48 hours for security inquiries

← Back to Legal Documents