Planned sub-processors · pre-launch
Eliopi will engage the sub-processors listed below to operate the platform. Each will be contracted under data-processing terms appropriate to the data scope; EU/UK Standard Contractual Clauses will apply where personal data is transferred outside the EEA.
Once Eliopi launches, material additions to this list will be announced to merchants and account contacts at least 30 days in advance. Existing merchants may object via privacy@eliopi.com; if no agreement is reached, the merchant may terminate without penalty.
Payment processor
Stripe — the payment processor.
Stripe is the licensed processor that handles all card payments on the Eliopi platform. Stripe is a sub-processor for cardholder PAN, CVV, and authentication data — these are captured by Stripe Elements directly in the cardholder's browser and never reach Eliopi infrastructure.
| Provider |
Purpose |
Data scope |
Jurisdiction |
| Stripe, Inc. |
Licensed payment processor; KYB; identity verification; payouts; dispute handling |
Cardholder PAN/CVV (handled by Stripe directly), tokenised payment methods, charges, transfers, payouts, KYB documents |
USA |
Infrastructure
Hosting, compute, and storage.
| Provider |
Purpose |
Data scope |
Jurisdiction |
| Amazon Web Services |
Primary cloud hosting (compute, database, object storage, KMS, networking) |
All Eliopi platform data at rest (excluding what stays with Stripe) |
USA · eu-west-1 |
| Vercel |
Frontend hosting (marketing site, dashboard SPA delivery) |
Static assets, edge logs (no PII at rest) |
USA |
| Railway |
Service hosting for selected backend components |
Application logs, environment configuration |
USA |
| Cloudflare |
CDN, WAF, DDoS mitigation, DNS |
Edge logs (request metadata, IP, User-Agent — not bodies) |
Global · USA primary |
Operational tooling
Telemetry, email, support.
| Provider |
Purpose |
Data scope |
Jurisdiction |
| Sentry |
Error tracking, exception monitoring, performance traces |
Stack traces, request metadata (PII scrubbed before transmission), user ID |
USA |
| Resend |
Transactional email (account, receipts, dispute alerts, password reset) |
Recipient email, account contact name, email subject and body |
USA |
| Plausible Analytics |
Privacy-first website analytics (no cookies, no fingerprinting) |
Aggregated visit counts, referrer, country (no IP retention, no individual tracking) |
EU · Germany / Estonia |
Compliance & KYB
Identity verification and screening.
| Provider |
Purpose |
Data scope |
Jurisdiction |
| Stripe Identity |
KYB collection · identity verification · selfie / document matching · sanctions screening |
Representative + beneficial-owner identity documents · selfie · PII (handled by Stripe; we receive verification status) |
USA |
Notes
- This list is current as of the date at the top of this page. The most recent version is always at this URL; we do not maintain prior versions in the public footer (archived versions on request to privacy@eliopi.com).
- Sub-processors listed here process personal data on Eliopi's behalf. Sub-processors of Stripe (e.g. card networks, banks, KYB ID-verification vendors used by Stripe Identity) are governed by Stripe's own sub-processor disclosures.
- The DPA covers our processor obligations to merchant controllers; it can be requested at privacy@eliopi.com with subject
[DPA request].