PaperAPI logoPaperAPI
Log inGet started

Transparency

Subprocessors

PaperAPI engages a limited number of subprocessors to provide and improve our services. This page lists all third parties that may process customer data.

Last updated: December 17, 2025

Our Commitment to Transparency

We are committed to transparency about who processes your data. All subprocessors are carefully vetted for:

  • GDPR compliance and appropriate data protection agreements
  • EU data residency or Standard Contractual Clauses (SCCs)
  • Security certifications (ISO 27001, SOC 2, etc.)
  • Data Processing Agreements with processor obligations

Subprocessor List

All subprocessors listed below have signed Data Processing Agreements with PaperAPI.

Stripe

Payment processing and billing

Active

Data Processed

Name, email, billing address, payment method details

Data Location

EU (data residency enabled)

DPA

Stripe Data Processing Agreement

Certifications

PCI DSS Level 1, SOC 2 Type II, ISO 27001

Hetzner Cloud

Hosting and compute infrastructure

Active

Data Processed

All application data (databases, object storage, logs)

Data Location

EU (Germany – Frankfurt)

DPA

Data Processing Agreement (Hetzner Online GmbH)

Certifications

ISO 27001 (data centers), GDPR compliant

Change Notification

We will notify you at least 30 days in advance of adding new subprocessors.

Notifications will be sent via:

  • Email to the account owner
  • Updates to this page (with change date noted)
  • RSS feed available at /subprocessors/feed (coming soon)

If you object to a new subprocessor, you may terminate your subscription within the 30-day notice period. Contact legal@paperapi.de for details.

What We Don't Use

No analytics or tracking subprocessors:

  • No Google Analytics or similar tracking
  • No advertising networks
  • No data brokers or resellers
  • No AI training or content analysis services

Questions About Subprocessors?

For questions about our subprocessors or to request additional documentation, contact legal@paperapi.de.

Security →Privacy Policy →GDPR Compliance →Data Residency →