Datastory Logo
CustomersConsulting
← Back to Legal Documents

List of Subprocessors

We work with trusted third-party service providers (subprocessors) to deliver our services. This page lists all subprocessors that may process your personal data.

Last updated: September 1, 2025

Current Subprocessors

All subprocessors are required to maintain appropriate data protection standards and are bound by data processing agreements that include:

  • Commitment to GDPR compliance
  • Appropriate technical and organizational measures
  • Restrictions on data use and access
  • Data breach notification procedures
  • Standard Contractual Clauses (SCCs) for international transfers

Amazon Web Services (AWS)

Ireland (EU)

Purpose: Cloud hosting, compute services, and data storage infrastructure

Data Types: All platform data, user content, application data

Stripe

Ireland (EU)

Purpose: Payment processing and subscription management

Data Types: Payment information, billing data, transaction records

Hasura

Germany (EU)

Purpose: GraphQL API layer and real-time data synchronization

Data Types: Application data, user queries, metadata

Vercel

Germany (EU)

Purpose: Frontend hosting and content delivery network

Data Types: Static assets, website content, usage analytics

Neon

Germany (EU)

Purpose: PostgreSQL database hosting and management

Data Types: Application database, user data, content metadata

ClickHouse Cloud

Germany (EU)

Purpose: Analytics database and data warehousing

Data Types: Usage analytics, performance metrics, aggregated data

Data Protection Safeguards

For subprocessors located outside the European Economic Area (EEA), we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses (SCCs): EU-approved contract terms ensuring data protection
  • Adequacy Decisions: Where available, we rely on European Commission adequacy decisions
  • Additional Safeguards: Technical measures such as encryption and access controls
  • Regular Audits: Ongoing assessment of subprocessor compliance

Subprocessor Changes

We will notify customers at least 14 days in advance of any material changes to our subprocessors, including:

  • Addition of new subprocessors
  • Changes in data processing purposes
  • Changes in data location or jurisdiction
  • Removal of existing subprocessors

Enterprise customers may object to new subprocessors as outlined in their Data Processing Agreement. If you object to a subprocessor change, please contact us within 30 days to discuss alternative arrangements. If we cannot accommodate your objection, you may have the right to terminate the affected services in accordance with your Data Processing Agreement.

Questions About Subprocessors?

For questions about our subprocessors, to request additional due diligence information, or to discuss data processing arrangements, please contact our Data Protection team.

Email: hello@datastory.tech

Response time: Within 14 days

Datastory Logo

Let's talk:

hello@datastory.tech

Platform

Data visualizationWebsites & appsContent managementAI & insightsLinked dataSurvey data

Resources

FAQNewsNewsletter

Company

About usNewsCareersCustomersConsulting

Legal

Privacy policyTerms of useGDPR complianceData processing addendum

Social media

Contact

Datastory c/o Embassy House

Östgötagatan 12

Stockholm, Sweden

©2025 Datastory All rights reserved.