Subprocessors
Last updated: April 2026
DoorFee engages the following third-party subprocessors to deliver the service. Each subprocessor is bound by contractual commitments consistent with GDPR Article 28, including confidentiality, security, and data-transfer safeguards. We update this page when subprocessors are added or removed.
Customers with active subscriptions may object to new subprocessors by contacting us through the support channels listed in our Privacy Policy.
| Subprocessor | Purpose | Location | Data Categories |
|---|---|---|---|
| Discord, Inc. | OAuth authentication, bot role management, user identity | United States | Discord user ID, username, avatar, email, server memberships |
| Stripe, Inc. | Payment processing, subscription billing, Stripe Connect payouts, tax calculation | United States (EU data processed in EU under Stripe DPA) | Name, email, billing address, payment method, transaction history |
| Amazon Web Services / Cloudflare (object storage) | Storage of user-uploaded media (sales page images, page builder assets, data exports) | Configurable per deployment (typically US or EU region) | Uploaded files, file metadata |
| Better Stack (Logtail) | Application log aggregation, debugging, security monitoring | European Union (Czech Republic) | User IDs, IP addresses, request paths, error stack traces, audit events |
| Functional Software, Inc. (Sentry) | Error monitoring, performance tracing, release health | United States | Anonymized error data, request metadata, stack traces, user ID (hashed) |
| PostHog, Inc. | Product analytics, feature usage measurement, funnel analysis | United States (us.i.posthog.com) | User ID, session identifiers, page views, custom events (consent-gated) |
| Google LLC (Analytics 4, Search Console) | Marketing site traffic measurement and search indexing | United States | Anonymized IP, page views, referrers, device/browser metadata (consent-gated) |
| Pusher Ltd. | Real-time notifications and live dashboard updates | United Kingdom / United States | User ID, channel subscriptions, notification payloads |
| Sendinblue SAS (Brevo) | Transactional and marketing email delivery | European Union (France) | Email address, name, email engagement events |
| The Rocket Science Group LLC (Mailchimp) | Email marketing integration, when configured by server owners | United States | Email address, name, subscription events (server-owner controlled) |
| Klaviyo, Inc. | Email marketing integration, when configured by server owners | United States | Email address, name, purchase events (server-owner controlled) |
| Intuition Machines, Inc. (hCaptcha) | Bot protection on checkout and authentication flows | United States | IP address, browser signals, CAPTCHA response tokens |
International Data Transfers
Transfers of personal data to subprocessors outside the European Economic Area are protected by appropriate safeguards, including Standard Contractual Clauses (SCCs) and, where applicable, the EU-US Data Privacy Framework.
Data Processing Agreement
Customers requiring a signed Data Processing Agreement (DPA) may request one through our support channels. Our DPA incorporates the EU Standard Contractual Clauses by reference and reflects the subprocessor list above.
Changes to This List
We may update this list as we add or remove subprocessors. Material changes will be reflected here along with an updated "Last updated" date.