Subprocessors
Who processes data on our behalf.
A complete list of every third party that processes user data for zlabz.io, what data they touch, where they host it, and the certifications they carry. We keep this list in sync with reality — if a vendor changes, this page changes.
Last updated · 2026-04-21
Vendor · purpose · data
Region
Certifications
DPA
- USA (AWS us-east)SOC 2 Type IIISO 27001GDPRCCPADPA
- USA (AWS us-east)SOC 2 Type IIGDPRCCPAHIPAA readyDPA
- Global (configurable regions)SOC 2 Type IIISO 27001GDPRCCPADPA
- Dodo Payments
Checkout, subscription billing, customer portal
Payment method, billing address, invoices
Singapore / GlobalPCI DSS Level 1SOC 2GDPRDPA - EU (France)GDPRSOC 2 Type IIDPA
- Umami Software (self-hosted)
Aggregated, cookieless web analytics
Page views, referrer, country — no PII
EU (self-hosted infra)GDPRePrivacyNo PII collectedDPA - SearXNG (self-hosted)
Metasearch backend for Frames + Object Match Cut
Search queries only, not associated to user id
EU (self-hosted infra)No trackingNo cookiesOpen sourceDPA - Browserless / Coolify
Headless rendering for social media frames
URLs to render, transient only (no storage)
EU (self-hosted infra)GDPRTransient data onlyDPA
Change notice
We tell you when this list changes.
When we add or change a subprocessor we update this page and — if you have an active Pro subscription or signed DPA — notify you by email at least 14 days before the change takes effect, so you can object if needed.
What's NOT in this list
- • No ad networks. No retargeting pixels. No Meta / Google tag.
- • We do not sell, rent, or trade personal data with anyone.
- • Each vendor receives the minimum data needed to deliver its service — nothing else.
- • Umami and SearXNG are self-hosted on our own EU infrastructure, not the vendor's public SaaS.