Skip to content

Subprocessors

Last updated: 2026-05-14

OneClick relies on the following third-party services to run. Each entry lists what we send, where it is processed, and a link to the provider's data processing agreement (DPA). We update this page when we add, remove, or replace a subprocessor; material changes are announced by email at least 30 days in advance, so customers under a DPA can object.

Current subprocessors

  • Vercel, Inc.Application hosting, edge compute, web analytics

    Data: All HTTP request and response data, account data, site content
    Location: United States
    DPA: https://vercel.com/legal/dpa

  • Neon, Inc.PostgreSQL database

    Data: Account data, site content, AI generation history
    Location: AWS us-east-1, United States
    DPA: https://neon.tech/dpa

  • Cloudflare, Inc. (DNS + CDN + Registrar + R2)Domain registration, DNS, CDN, image and asset storage, bot protection, Turnstile

    Data: Domain registration details (WHOIS), DNS records, request metadata, uploaded photos and assets
    Location: Global edge; R2 buckets in EU (Frankfurt) where configured
    DPA: https://www.cloudflare.com/cloudflare-customer-dpa/

  • Stripe, Inc.Payment processing for OneClick subscriptions and domain markup

    Data: Card token, name, email, billing address, transaction amounts. We do not see full card numbers.
    Location: United States; EU data centres for EU customers
    DPA: https://stripe.com/legal/dpa

  • Mollie B.V.Payment processing for user-commerce (transactions on user-published sites)

    Data: Merchant onboarding data, transaction amounts, payout details. End-customer card data goes directly to Mollie.
    Location: Netherlands (EU)
    DPA: https://www.mollie.com/dpa

  • Microsoft Corporation (Azure OpenAI Service)AI text and image generation for site drafts and concierge layouts

    Data: Funnel inputs, business description, uploaded text snippets
    Location: Azure Sweden Central (EU)
    DPA: https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA

  • Anthropic, PBC (via Microsoft Azure Foundry)AI brand copywriting (Claude models)

    Data: Funnel inputs, business description
    Location: Routed through Azure Foundry in EU regions where available
    DPA: https://www.anthropic.com/legal/dpa

  • OpenAI Whisper (via Microsoft Azure)Voice transcription for users who record audio answers

    Data: Audio recordings, derived transcripts
    Location: Azure Sweden Central (EU)
    DPA: Covered by Microsoft DPA above

  • Black Forest Labs (FLUX, via Replicate/Together)AI hero image generation

    Data: Image generation prompts derived from your business description
    Location: United States
    DPA: https://replicate.com/dpa

  • Microsoft Azure Blob StoragePhoto storage and AI-generated image storage

    Data: Uploaded photos, generated images
    Location: Azure East US
    DPA: Microsoft DPA above

  • Amazon Web Services, Inc. (SES)Outbound transactional email relay (login links, receipts, notifications)

    Data: Email address, message content, delivery metadata
    Location: us-east-1
    DPA: https://aws.amazon.com/service-terms/

  • Postal (self-hosted on Oracle Cloud Infrastructure)Email send/track gateway sitting in front of AWS SES

    Data: Email address, message content, delivery and bounce events
    Location: Oracle Cloud, Amsterdam (EU)
    DPA: Self-hosted; processed by Fontaine Farm SRL directly

  • Resend, Inc.Transactional email fallback when Postal/SES is unavailable

    Data: Email address, message content, delivery metadata
    Location: United States
    DPA: https://resend.com/legal/dpa

  • Migadu Mail GmbHMailbox hosting for Business-tier customers who want a real inbox at their custom domain

    Data: Mailbox contents, login credentials
    Location: Switzerland
    DPA: https://www.migadu.com/legal/dpa/

  • Sentry (Functional Software, Inc.)Error monitoring and performance telemetry

    Data: Error stack traces, request metadata, user identifier (hashed), no payload bodies
    Location: United States
    DPA: https://sentry.io/legal/dpa/

  • Umami Software, Inc. (self-hosted)Privacy-friendly first-party web analytics

    Data: Page URLs, referrer, country, device class. No cross-site tracking, no advertising cookies.
    Location: Our own infrastructure in the EU
    DPA: Self-hosted; processed by Fontaine Farm SRL directly

  • Plunk (transitional)Legacy email marketing (being decommissioned in favour of Postal + SES)

    Data: Email address, subscriber lists, send and engagement events
    Location: Netherlands (EU)
    DPA: https://www.useplunk.com/dpa

Notifications of change

Business-tier customers and customers with a signed DPA receive 30 days' email notice before we add a new subprocessor or replace an existing one. You may object on legitimate grounds; if we cannot accommodate the objection, you may terminate your subscription with a pro-rata refund for the unused period.

Questions

For a current signed DPA or a list of sub-subprocessors for any of the providers above, email [email protected].