Introduction

Review subprocessors and transfer safeguards

Lists Duale AI subprocessors, the personal data they process, locations, transfer safeguards, notice periods for EEA and non‑EEA changes, and contact details for objections.

Provides a detailed list of Duale AI subprocessors that may handle personal data, outlines notice periods for changes, describes international transfer safeguards, and clarifies the roles of hosting, CDN, payment, support, and AI processing services, plus contact options.

  • The page lists all Duale AI subprocessors, their services, personal data processed, processing locations, and applicable transfer safeguards.
  • Customers receive email notice 30 days before EEA‑based subprocessor changes and 90 days before non‑EEA changes, with an objection address provided.
  • Hosting and authentication run on Hetzner infrastructure in Germany, while Cloudflare provides CDN services under the EU‑US Data Privacy Framework or SCCs.
  • Stripe processes payment data from Ireland and the United States with the EU‑US Data Privacy Framework or SCCs; Duale AI does not store credit‑card numbers.
  • Support chat is handled by Crisp IM SAS within the EEA, and the company states it does not use any third‑party analytics that collect personal data.

Summaries were generated by AI. Generative AI is experimental.

Introduction

List of subprocessors that may process personal data to provide, host, or secure Duale AI services.

Changes

Duale AI notifies Customers by email before any addition or replacement:

  • 30 days prior notice for European Economic Area-based subprocessors
  • 90 days prior notice for subprocessors outside the European Economic Area

Objections: contact+legal@mail.duale.ai

International Transfers

Transfers outside the European Economic Area rely on the Data Privacy Framework where it applies, or on the 2021 standard contractual clauses with supplementary measures where required.

Infrastructure, Hosting and Network Security

SubprocessorService ProvidedPersonal Data ConcernedProcessing LocationTransfer Safeguards
Hetzner Online GmbHHosting of Duale AI application infrastructureAccount, authentication and usage data, content needed for the service, technical logsGermany, European Economic AreaNo transfer outside the European Economic Area for this processing
Cloudflare, Inc.Website hosting, content delivery and network protectionIP address, user agent, URL, request headers, traffic metadata, security logsCloudflare global networkData Privacy Framework where it applies; 2021 standard contractual clauses with supplementary measures where required
  • Subprocessor
    Hetzner Online GmbH
    Service Provided
    Hosting of Duale AI application infrastructure
    Personal Data Concerned
    Account, authentication and usage data, content needed for the service, technical logs
    Processing Location
    Germany, European Economic Area
    Transfer Safeguards
    No transfer outside the European Economic Area for this processing
  • Subprocessor
    Cloudflare, Inc.
    Service Provided
    Website hosting, content delivery and network protection
    Personal Data Concerned
    IP address, user agent, URL, request headers, traffic metadata, security logs
    Processing Location
    Cloudflare global network
    Transfer Safeguards
    Data Privacy Framework where it applies; 2021 standard contractual clauses with supplementary measures where required

Authentication

Authentication is operated internally on Hetzner infrastructure in Germany. No external identity provider is used.

Artificial Intelligence Services

Customer chooses and contracts directly with model providers. These providers are not subprocessors imposed by Duale AI.

Duale AI internally processes routing and contextual memory on Hetzner infrastructure in Germany. Data is not reused outside the Customer context, for training, or for statistics.

Payment and Billing

SubprocessorService ProvidedPersonal Data ConcernedProcessing LocationTransfer Safeguards
Stripe Payments Europe, Ltd.Payment processingBanking data, email addressIreland / United StatesEuropean Union-United States Data Privacy Framework where applicable; 2021 standard contractual clauses and supplementary measures where required
  • Subprocessor
    Stripe Payments Europe, Ltd.
    Service Provided
    Payment processing
    Personal Data Concerned
    Banking data, email address
    Processing Location
    Ireland / United States
    Transfer Safeguards
    European Union-United States Data Privacy Framework where applicable; 2021 standard contractual clauses and supplementary measures where required

Note: Duale AI does not store credit card numbers.

Communication and Support

SubprocessorService ProvidedPersonal Data ConcernedProcessing LocationTransfer Safeguards
Crisp IM SASCustomer support, chatEmail, name, ticket contentEuropean Economic AreaNo transfer outside the European Economic Area indicated
  • Subprocessor
    Crisp IM SAS
    Service Provided
    Customer support, chat
    Personal Data Concerned
    Email, name, ticket content
    Processing Location
    European Economic Area
    Transfer Safeguards
    No transfer outside the European Economic Area indicated

Analytics and Monitoring

Duale AI does not use third-party analytics or monitoring services that collect personal data.

Contact