Sub-processors

Signkit uses the following third-party service providers to process data on your behalf. This page is maintained as required by our Data Processing Agreement.

Sub-processor Change Notifications

We provide 30 days prior notice before adding new sub-processors. You may object to a new sub-processor within 14 days of notification. If we cannot accommodate your objection, you may terminate the Service.

Last updated: January 1, 2026

Infrastructure

Core hosting and storage services

Provider	Purpose	Location	Data Processed
Clerk	Authentication and user management	United States	Email address, name, profile photo, authentication tokens
Hetzner	Cloud hosting and infrastructure (Kamal)	Germany (EU)	All Service data (encrypted at rest)
Cloudflare R2	File and asset storage, CDN	EU (auto-region)	Uploaded images, logos, signature assets
Neon	Serverless PostgreSQL database hosting	EU (Frankfurt)	All Service data (encrypted at rest)

Analytics

Product analytics and monitoring

Provider	Purpose	Location	Data Processed
PostHog	Product analytics and feature flags	EU (Frankfurt)	User ID, page views, feature usage, device information
Sentry	Error tracking and application monitoring	Germany (EU)	Error logs, stack traces, user context for debugging

Billing

Payment and subscription management

Provider	Purpose	Location	Data Processed
Polar	Billing, subscriptions, and payment processing	EU	Organization ID, subscription details, billing events

Communications

Email and customer support

Provider	Purpose	Location	Data Processed
Resend	Transactional email delivery	United States	Email addresses, email content for delivery
Chatwoot	Live chat customer support	Self-hosted (EU)	User ID, name, email, chat conversation history
Mautic	Marketing automation and email campaigns	Self-hosted (EU)	Email, name, activity data (with consent)

AI & Data

AI features and data enrichment

Provider	Purpose	Location	Data Processed
Firecrawl	Website scraping for brand data extraction	United States	Website URLs provided by users
OpenAI	AI-generated campaign copy and suggestions	United States	Company name, industry, website content for copy generation
Logo.dev / Clearbit	Logo resolution and company data enrichment	United States	Domain names for logo lookup

International Data Transfers

How we protect data transferred outside the EU/EEA

For sub-processors located outside the European Economic Area (EEA), we ensure appropriate safeguards are in place:

Standard Contractual Clauses (SCCs): We use EU-approved SCCs with all US-based sub-processors (Clerk, Resend, Firecrawl, OpenAI, Logo.dev/Clearbit).
Self-hosted services: Chatwoot and Mautic are self-hosted on our EU infrastructure (Hetzner, Germany), ensuring data remains within the EU.
EU data residency: Where available, we configure sub-processors to use EU regions (PostHog EU, Neon Frankfurt, Cloudflare R2 EU).