Thauth.devLegal
Legal/Thauth Subprocessor Policy

Legal document

Thauth Subprocessor Policy

Current third-party subprocessors involved in delivering the service.

Last updated April 22, 2026Download MarkdownCookie policy

This Subprocessor Policy describes the third-party service providers (“Subprocessors”) that Thauth (“Thauth”, “we”, “us”) engages to process Customer Data on behalf of its customers.

This Policy applies in conjunction with the Terms of Service and Data Processing Agreement (“DPA”).

1. Purpose

Thauth uses Subprocessors to support the delivery, operation, and security of the Service.

Subprocessors may process Customer Data only for the specific purposes described in this Policy.

2. Subprocessor Definition

A “Subprocessor” is any third party engaged by Thauth to process Customer Data on behalf of Customers.

3. Current Subprocessors

Thauth currently uses the following Subprocessors:

| Subprocessor | Purpose | Data Involved | |-------------|--------|--------------| | Contabo | Infrastructure hosting (VPS, storage) | Customer Data, logs, system data | | Polar | Payment processing (Merchant of Record) | Billing data, customer account data | | Resend | Transactional email delivery | Email addresses, communication data |

4. Subprocessor Obligations

Thauth ensures that each Subprocessor:

  • Processes data only on documented instructions
  • Implements appropriate security measures
  • Is bound by contractual obligations consistent with this Policy and the DPA
  • Provides sufficient guarantees of data protection compliance

Thauth remains responsible for the performance of its Subprocessors.

5. Changes to Subprocessors

Thauth may update its list of Subprocessors from time to time.

Where required by applicable law or contractual commitments:

  • Customers will be notified of material changes
  • Notification may be provided via:
  • Email
  • Dashboard notice
  • Public update to this Policy

6. Customer Objection Rights

Where required by applicable data protection laws:

  • Customers may object to the addition of a new Subprocessor on reasonable grounds related to data protection

If an objection is raised:

  • Thauth will work in good faith to address concerns
  • If no resolution is possible, Customer may discontinue use of the Service

7. International Data Transfers

Subprocessors may process data outside the Customer’s jurisdiction.

Where required, Thauth ensures that appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs)
  • Equivalent legal mechanisms

8. Data Access and Minimization

Subprocessors are granted access only to the data necessary to perform their specific function.

Thauth applies principles of:

  • Data minimization
  • Purpose limitation

9. Security and Compliance

Thauth selects Subprocessors based on their ability to support:

  • Secure infrastructure
  • Reliable service delivery
  • Compliance with applicable data protection laws

10. Relationship with DPA

This Policy supplements the Data Processing Agreement.

In the event of conflict, the DPA shall prevail.

11. Updates

This Subprocessor Policy may be updated from time to time.

The latest version will always be available publicly.

Cookie Notice

We use essential cookies for sign-in, session security, and CSRF protection. We do not use analytics or advertising cookies right now. Learn more