Sub-processor List - FragonForge
This list supports the Privacy Policy and the DPA. A sub-processor is a third party the Provider (Fragon Studios e.U.) engages to process personal data on behalf of Customers.
Last updated: 2026-07-16
How to read this list
- Confirmed rows are in production and verified against the product facts.
- The Customer's LLM provider is not a sub-processor and is listed separately at the end, with the reason.
Sub-processors
| Sub-processor | Location | Service / purpose | Data categories | Status |
|---|---|---|---|---|
| Hetzner Online GmbH | Germany (EU) | Hosting and infrastructure: compute for the platform and sandboxes, and EU object storage for point-in-time-recovery database backups | All platform data at rest and in processing, including account data, encrypted tokens, repository metadata, run logs, and code-index data | Confirmed |
| Stripe | Ireland (EU); see transfer note below | Payment processing: paid plans are billed through Stripe; card data is handled by Stripe, not stored by us | Billing contact and subscription identifiers; card data held by Stripe | Confirmed |
| Microsoft | To be finalized | Email delivery: account and notification emails (which never contain repository content) | Recipient email address and message metadata; no repository content | Being finalized |
Note on Stripe: the contracting entity for EU customers is Stripe Payments Europe, Ltd., Ireland. Transfers to Stripe, Inc. (USA) may occur under the EU-US Data Privacy Framework and Standard Contractual Clauses, as set out in Stripe's own data processing agreement.
Note on Microsoft (email delivery): the exact contracting entity and service configuration are being finalized. This row is listed proactively, and the entry will be completed via the change-notification mechanism below.
Not a sub-processor: LLM providers
The Customer's LLM provider (for example Anthropic, OpenAI, Google, OpenRouter, Groq, DeepSeek, or any OpenAI-compatible endpoint) is not a sub-processor of Fragon Studios e.U.
- The service is bring-your-own-key: the Customer configures its own API key and contracts directly with the LLM provider.
- The agent's model calls are forwarded through an egress proxy that does not log or persist request or response bodies. The Customer's own contract with the provider governs that data, and the provider's logs and bill are the complete record.
- The LLM provider is therefore a recipient chosen and contracted by the Customer as controller, not a processor engaged by us.
Change notification
We maintain this list and notify Customers at least 30 days in advance of any addition or replacement of a sub-processor, giving the opportunity to object on reasonable data protection grounds before the change takes effect, as set out in the DPA, clause 8.