Alleex Cloud · Legal
Subprocessors
⚠ PENDING LAWYER REVIEW — not legal advice
This page is a structural scaffold. It has not been reviewed by qualified EU/GDPR counsel and is notlaunch-ready. No paying customer may onboard until a lawyer has reviewed and approved this document (binding pre-launch gate).
Provenance: Auto-generated from the Alleex Cloud platform provider inventory (ADR-0001 stack). Single source of truth; updated whenever a provider is added.
GDPR Art. 28(2). This is the Alleex Cloud platformlist. A customer app's subprocessors vary by installed modules and are published per-app in that app's generated privacy policy.
| Subprocessor | Role | Jurisdiction | Personal data | Transfer |
|---|---|---|---|---|
| Neon | Database (control-plane + per-tenant app DB, EU-Frankfurt) | US entity · EU data region | Yes | SCCs |
| Cloudflare | Customer-app edge hosting + R2 storage (EU) | US entity · EU Workers | Yes | SCCs + EU Workers |
| Vercel | Builder/control-plane hosting | US | Yes | SCCs |
| Clerk | Builder dashboard auth (NOT customer-app users) | US | Yes | SCCs |
| Polar.sh | Merchant of record — Alleex Cloud subscription billing + EU VAT | EU-established MoR | Yes | No SCC required |
| Anthropic | LLM inference (build-time only; BYO-key removes this) | US | No | SCCs |
| Resend | Transactional email (EU region) | US entity · EU region | Yes | SCCs |
| PostHog | Product analytics (EU Cloud, consent-gated) | EU | Yes | EU-hosted — no transfer |
| Sentry | Error monitoring | US | Yes | SCCs |
| Better Stack | Uptime monitoring / logs | EU/US | Yes | SCCs where applicable |
| Trigger.dev | Background job orchestration | US/EU | Yes | SCCs |
| Infisical | Secrets management | US (self-hostable) | No | SCCs; self-host removes transfer |
| GitHub | Source code, CI | US (Microsoft) | No | SCCs |
| Sigstore / Rekor | Audit-chain transparency witness (SHA-256 hashes only) | Public log (Linux Foundation) | No | N/A — hashes only |
This document is information about Alleex Cloud's technical and organisational measures, not legal advice. Consult your DPO or legal counsel for your specific obligations.