Valpero uses the following third-party sub-processors to provide the Service. All processors are bound by data processing agreements (DPAs) and are required to handle your data in accordance with GDPR and applicable data protection law.
| Company & Purpose | Location | Security & Compliance |
|---|---|---|
| Hetzner Cloud GmbH: Infrastructure hosting — VPS servers running the Valpero application, monitoring workers, and all associated compute | 🇩🇪 Germany (EU) | ISO 27001; GDPR-compliant DPA in place |
| PostgreSQL + TimescaleDB on Hetzner: Primary database — stores user accounts, monitor configurations, uptime check results, and incident history | 🇩🇪 Germany (EU) | Encrypted at rest; AES-256 full-disk encryption |
| Redis on Hetzner: In-memory cache and task queue — used for rate limiting, session management, and background job scheduling. Does not persist personal data to disk. | 🇩🇪 Germany (EU) | In-memory only; No personal data persisted to disk |
| Google LLC: OAuth 2.0 login — allows users to sign in with their Google account. Safe Browsing API may be used for URL validation. | 🇺🇸 United States | Google Cloud DPA; Standard Contractual Clauses (SCCs) |
| GitHub, Inc.: OAuth 2.0 login — allows users to sign in with their GitHub account. Only basic profile information (name, email, avatar) is accessed. | 🇺🇸 United States | GitHub DPA; Standard Contractual Clauses (SCCs) |
| Stripe, Inc.: Payment processing — handles subscription billing and payment card data. Valpero does not store card details; all payment data is managed by Stripe. | 🇺🇸 United States | PCI DSS Level 1; SOC 2 Type II, SCC in place |
| Twilio SendGrid / SMTP: Transactional email — used to send downtime alerts, SSL expiry warnings, account verification emails, and other operational notifications. | 🇺🇸 United States | SOC 2 Type II; Data minimisation — only email address transferred |