Subprocessors

To deliver our services, we engage carefully selected service providers that process personal data on our behalf (sub-processors within the meaning of Art. 28 GDPR). With each of these providers there is a data processing agreement (DPA) that includes the guarantees required under Art. 28 GDPR. This overview serves transparency towards our customers and prospects.

Subprocessors in use

The following service providers process data on our behalf:

• Vercel Inc. — hosting & delivery of the website · USA (EU data region, SCCs)
• Mailgun (Sinch) — sending & delivery of emails · EU/USA (SCCs)
• Google (Workspace / Gmail) — business email communication · EU/USA (SCCs)
• Plausible Analytics — privacy-friendly, cookieless audience measurement · EU (Germany)
• Cloudflare, Inc. — CDN, DNS & DDoS protection · global (EU data region, SCCs)

Whether a particular service is actually used depends on the specific project commissioned. Within a data processing relationship, we provide the complete list applicable to the respective project on request.

Selection & control

We select subprocessors based on their technical and organisational protective measures and review their suitability regularly. Each provider is contractually obliged to process data exclusively in accordance with our instructions and in compliance with the GDPR. For providers that process data outside the EU/the EEA, we safeguard the transfer through EU Standard Contractual Clauses (SCCs) as well as supplementary measures.

Changes & information

We inform existing data processing customers in advance about the addition or replacement of a subprocessor and grant a right to object within the contractually agreed scope. We keep this page up to date and provide it with a date of last change.

Questions?

If you have any questions about our subprocessors, you can reach us at info@reepasolutions.de. You will find further compliance information in our Trust Center as well as in the Data Processing page.

Last updated: June 2026