Subprocessors

Current subprocessors

“Core” providers are part of every Frontelio deployment. “If enabled” providers are engaged only when the related module or integration is switched on for your account — so they may not process your data at all.

Provider	Purpose	Data type	Region	Status
DigitalOcean	Cloud hosting — application servers and database	All operational & account data	EU · Frankfurt (FRA1)	Core
Object storage (S3-compatible)	Storage of photos, evidence, and uploaded documents	Images & documents	EU by default (configurable)	Core
Firebase Cloud Messaging (Google)	Mobile push notifications	Device push tokens	Global	Core
Microsoft 365 (Microsoft Graph)	Transactional & notification email	Email addresses, message content	EU / global (Microsoft)	Core
Sentry	Application error & performance monitoring	Diagnostic & error metadata	EU	Core
Anthropic (Claude)	AI photo verification & in-app AI assistance	Submitted evidence images, prompt text	Processing only (US-based API)	Core
PostHog	Product analytics — activation funnel (aggregate)	Pseudonymous usage events (keyed by tenant)	EU (configurable)	If enabled
Postmark	Visitor magic-link email (visitor management module)	Visitor email addresses	Global	If enabled

DigitalOcean

Core

Purpose: Cloud hosting — application servers and database
Data: All operational & account data
Region: EU · Frankfurt (FRA1)

Object storage (S3-compatible)

Core

Purpose: Storage of photos, evidence, and uploaded documents
Data: Images & documents
Region: EU by default (configurable)

Firebase Cloud Messaging (Google)

Core

Purpose: Mobile push notifications
Data: Device push tokens
Region: Global

Microsoft 365 (Microsoft Graph)

Core

Purpose: Transactional & notification email
Data: Email addresses, message content
Region: EU / global (Microsoft)

Sentry

Core

Purpose: Application error & performance monitoring
Data: Diagnostic & error metadata
Region: EU

Anthropic (Claude)

Core

Purpose: AI photo verification & in-app AI assistance
Data: Submitted evidence images, prompt text
Region: Processing only (US-based API)

PostHog

If enabled

Purpose: Product analytics — activation funnel (aggregate)
Data: Pseudonymous usage events (keyed by tenant)
Region: EU (configurable)

Postmark

If enabled

Purpose: Visitor magic-link email (visitor management module)
Data: Visitor email addresses
Region: Global

How we manage subprocessors

Each subprocessor is engaged under data-protection terms no less protective than those in our own DPA, and we remain responsible for their performance.
We keep the list short and remove providers we no longer need.
We will give reasonable advance notice of a material change to this list so customers can review it.
A formatted, signable subprocessor schedule is available with our DPA on request.

A note on accuracy

This list reflects the providers our service actually uses. We do not list vendors we are not contracted with; where a provider only applies to an optional module it is marked “If enabled”. If you need the exact legal entity, processing location, and contract reference for any provider, request the full schedule at support@frontelio.com.

Current subprocessors

How we manage subprocessors

A note on accuracy

Need this for procurement?