Subprocessors and data residency
Register last reviewed: 14 May 2026 · Next review: quarterly
This page lists every third-party processor that touches Bookey customer data, the purpose, the processing region, and the data processing agreement (DPA) artefacts on file. Bookey policy mandates EU-only data residency for every subprocessor that handles personal data.
| Subprocessor | Purpose | Region | DPA / SCCs |
|---|---|---|---|
| Hetzner Online GmbH | Application hosting + PostgreSQL database | Germany (Falkenstein) | DPA at hetzner.com - EU-domiciled, no SCCs required |
| Cloudflare Inc. | DNS, DDoS protection, object storage (R2), bot protection | Multi-region; R2 storage pinned to EU jurisdiction | Cloudflare Customer DPA + SCCs |
| Backblaze Inc. | Off-site weekly backups (B2) | EU region (eu-central-003) | Backblaze B2 DPA + SCCs |
| Resend | Transactional email delivery | EU region (eu-central-1 mail relays) | DPA at resend.com/legal/dpa |
| Amazon Web Services | SMS delivery (SNS) | eu-central-1, region pinned by IAM policy | AWS GDPR DPA + SCCs |
| Google LLC | OAuth sign-in + Google Calendar sync | Multi-region (calendar events processed in the user's home region) | Google Customer DPA + SCCs |
| DeepL SE | Auto-translation of branding strings and email templates | Germany | DPA at deepl.com - EU-domiciled, no SCCs required |
Region pinning
EU residency is enforced by configuration, not promises: object storage buckets are created with the EU jurisdiction flag, the SMS IAM policy only permits the eu-central-1 region, backups target EU-region buckets only, and the hosting project is locked to German data centres (with a Finnish region permitted for restore drills only).
Changes
We update this page within 30 days of adding or changing a subprocessor, and mention any subprocessor that processes customer personal data in our privacy policy with 30 days' notice before activation.