Legal
Sub-processors
LiteConsent uses a limited number of third-party service providers to operate the platform. This page lists all sub-processors that may process personal data on behalf of our customers, in accordance with GDPR Article 28.
Current sub-processors
| Sub-processor | Purpose | Data processed | Location |
|---|---|---|---|
| Hetzner Online GmbH | Server hosting | All service data (consent records, account data, configurations) | Germany (EU) |
| Cloudflare, Inc. | CDN, DDoS protection, DNS | IP addresses (in transit), cached JS banner files | EU edge nodes |
| Paddle.com Market Ltd | Payment processing (Merchant of Record) | Customer name, email, billing/payment information | UK |
| Google LLC | Email delivery, OAuth authentication, bot protection (reCAPTCHA), font delivery | Customer email addresses, email content, OAuth profile data (email, name), reCAPTCHA signals | US |
| OpenAI, L.L.C. | AI-powered text processing (banner translation, cookie classification) | Banner text content, cookie names and descriptions (no personal visitor data) | US |
Data transfer safeguards
EU-based processors
Hetzner and Cloudflare (EU edge nodes) process data within the EU/EEA. No additional transfer mechanism required.
UK and US-based processors
Paddle (UK) operates under the UK GDPR adequacy decision. Google and OpenAI (US) transfers are covered by Standard Contractual Clauses (SCCs) and the EU-US Data Privacy Framework.
Change notification
We will notify all customers by email at least 30 days before adding a new sub-processor or replacing an existing one. This gives you the opportunity to review the change and raise any objections.
If you have concerns about a sub-processor change, contact us at [email protected]. If we cannot address your concern and no reasonable alternative is available, either party may terminate the agreement in accordance with the Terms of Service.