Subprocessor list

This page identifies vendors that may participate in service delivery and have access to personal data, depending on context.

When a vendor processes personal data on behalf of Halthia customers, it acts as a subprocessor under the applicable contractual framework.

This page is a public informational list; where a signed contract exists, the applicable contractual document prevails.

The list is updated when relevant supplier or purpose changes occur.

Vendor: Render. Purpose: application and database hosting for service operations.

Potential data types: account and operational data, plus client data where applicable by customer use.

Location/transfers: effective location depends on contracted region and current configuration. If processing occurs outside the EEA, we apply appropriate safeguards (SCCs or equivalent legal mechanism), plus supplementary measures where required.

Vendor: Cloudflare Turnstile. Purpose: anti-bot verification and protection against malicious automated submissions in lead forms.

Potential data types: technical identifiers, IP address, security telemetry and challenge validation outcome.

Location/transfers: international transfers may apply; in that case we implement GDPR-appropriate safeguards (including SCCs where applicable).

Vendor: Resend. Purpose: operational and lead-related email delivery (demo/contact).

Potential data types: name, email, consent metadata and message content.

Location/transfers: international transfers may apply; in that case we implement GDPR-appropriate safeguards.

Vendor: Stripe. Purpose: subscription charges and payment event handling.

Potential data types: customer identification and billing details; Halthia does not store full card PAN data.

Location/transfers: international transfers may apply; in that case we implement GDPR-appropriate safeguards.

Vendors: Google Analytics 4 and Vercel Analytics/Speed Insights (loaded only with cookie consent).

Purpose: aggregate usage and performance measurement to improve the service.

Potential data types: technical identifiers and navigation events according to consent settings.

When relevant subprocessor changes affect customer data processing, updates are communicated through standard contractual channels.

Customers may raise reasonable and justified objections under the applicable contractual framework.

Contact: support@halthia.com.

General legal and privacy framework: /en/privacy, /en/terms, /en/cookies and /en/legal-notice.

Data-processing and enterprise operations framework: /en/dpa, /en/sla and /en/security-incidents.