Introduction

List of subprocessors handling personal data

Lists Duale AI's subprocessors—including Hetzner, Cloudflare, Stripe, and Crisp—showing data types processed, locations, transfer safeguards, and notice periods.

This page lists Duale AI’s subprocessors handling personal data, details the data categories each processes, their processing locations, and transfer safeguards, and explains notice periods for changes, authentication and AI model responsibilities, and contact points for privacy inquiries.

  • Duale AI emails customers 30 days before adding or replacing EEA‑based subprocessors and 90 days for non‑EEA subprocessors; objections go to contact+legal@mail.duale.ai.
  • Hetzner Online GmbH hosts Duale AI’s application infrastructure in Germany, processing account, authentication, usage and technical‑log data, with no transfers outside the EEA.
  • Cloudflare provides website hosting, CDN and network protection, processing IPs, user‑agents, URLs and security logs; transfers rely on the Data Privacy Framework or 2021 SCCs.
  • Stripe Payments Europe handles payment processing, storing banking data and email addresses in Ireland and the U.S.; transfers use the EU‑US Data Privacy Framework or 2021 SCCs.
  • Duale AI does not store credit card numbers and does not use third‑party analytics or monitoring services that collect personal data.

Summaries were generated by AI. Generative AI is experimental.

Introduction

List of subprocessors that may process personal data to provide, host, or secure Duale AI services.

Changes

Duale AI notifies Customers by email before any addition or replacement:

  • 30 days prior notice for European Economic Area-based subprocessors
  • 90 days prior notice for subprocessors outside the European Economic Area

Objections: contact+legal@mail.duale.ai

International Transfers

Transfers outside the European Economic Area rely on the Data Privacy Framework where it applies, or on the 2021 standard contractual clauses with supplementary measures where required.

Infrastructure, Hosting and Network Security

SubprocessorService ProvidedPersonal Data ConcernedProcessing LocationTransfer Safeguards
Hetzner Online GmbHHosting of Duale AI application infrastructureAccount, authentication and usage data, content needed for the service, technical logsGermany, European Economic AreaNo transfer outside the European Economic Area for this processing
Cloudflare, Inc.Website hosting, content delivery and network protectionIP address, user agent, URL, request headers, traffic metadata, security logsCloudflare global networkData Privacy Framework where it applies; 2021 standard contractual clauses with supplementary measures where required
  • Subprocessor
    Hetzner Online GmbH
    Service Provided
    Hosting of Duale AI application infrastructure
    Personal Data Concerned
    Account, authentication and usage data, content needed for the service, technical logs
    Processing Location
    Germany, European Economic Area
    Transfer Safeguards
    No transfer outside the European Economic Area for this processing
  • Subprocessor
    Cloudflare, Inc.
    Service Provided
    Website hosting, content delivery and network protection
    Personal Data Concerned
    IP address, user agent, URL, request headers, traffic metadata, security logs
    Processing Location
    Cloudflare global network
    Transfer Safeguards
    Data Privacy Framework where it applies; 2021 standard contractual clauses with supplementary measures where required

Authentication

Authentication is operated internally on Hetzner infrastructure in Germany. No external identity provider is used.

Artificial Intelligence Services

Customer chooses and contracts directly with model providers. These providers are not subprocessors imposed by Duale AI.

Duale AI internally processes routing and contextual memory on Hetzner infrastructure in Germany. Data is not reused outside the Customer context, for training, or for statistics.

Payment and Billing

SubprocessorService ProvidedPersonal Data ConcernedProcessing LocationTransfer Safeguards
Stripe Payments Europe, Ltd.Payment processingBanking data, email addressIreland / United StatesEuropean Union-United States Data Privacy Framework where applicable; 2021 standard contractual clauses and supplementary measures where required
  • Subprocessor
    Stripe Payments Europe, Ltd.
    Service Provided
    Payment processing
    Personal Data Concerned
    Banking data, email address
    Processing Location
    Ireland / United States
    Transfer Safeguards
    European Union-United States Data Privacy Framework where applicable; 2021 standard contractual clauses and supplementary measures where required

Note: Duale AI does not store credit card numbers.

Communication and Support

SubprocessorService ProvidedPersonal Data ConcernedProcessing LocationTransfer Safeguards
Crisp IM SASCustomer support, chatEmail, name, ticket contentEuropean Economic AreaNo transfer outside the European Economic Area indicated
  • Subprocessor
    Crisp IM SAS
    Service Provided
    Customer support, chat
    Personal Data Concerned
    Email, name, ticket content
    Processing Location
    European Economic Area
    Transfer Safeguards
    No transfer outside the European Economic Area indicated

Analytics and Monitoring

Duale AI does not use third-party analytics or monitoring services that collect personal data.

Contact

IntroductionChangesInternational TransfersInfrastructure, Hosting and Network SecurityAuthenticationArtificial Intelligence ServicesPayment and BillingCommunication and SupportAnalytics and MonitoringContact
Last updatedJune 7, 2026