SUB-PROCESSORS

To operate the Citrux Hosting service we share limited personal data with the trusted third parties listed below. Each entity is contractually bound by a Data Processing Agreement (DPA) that requires equivalent or stronger protections than our own Privacy Policy. We give 30 days advance notice of changes to this list by updating this page; you can subscribe to changes by emailing legal@citruxhosting.com with the subject "Subscribe sub-processor updates".

This list forms part of our Privacy Policy.

Sub-processor	Purpose	Personal data shared	Region
Stripe, Inc.	Payment processing, subscription billing, refunds, tax calculation	Name, email, billing address, partial card data, IP, transaction history	United States (with GDPR SCCs)
Clerk, Inc.	User authentication, session management, MFA, passkeys, SSO (Google)	Email, name, IP, device fingerprint, hashed credentials, MFA factors	United States (with GDPR SCCs)
Supabase Inc.	Primary database (Postgres), file storage, realtime websockets	All account data, server metadata, support ticket bodies, audit logs	United States — us-east-1
Vercel, Inc.	Web hosting, serverless functions, edge cache, deployment platform	Request logs (IP, user agent, path), cached HTML	United States + global edge
Cloudflare, Inc.	DDoS mitigation, WAF, DNS, CDN, R2 object storage	IP, request headers, TLS fingerprint	United States + global edge
Pterodactyl (self-hosted)	Game-server orchestration on our infrastructure	Server metadata, SFTP credentials, in-game console output	Operated by Citrux Hosting on Cloudflare-fronted nodes
Resend.com	Transactional email (receipts, password resets, ticket replies)	Email address, message content	United States
PostHog Inc.	Product analytics, session replay (consent-gated)	Anonymous events, IP (truncated), user-agent, masked DOM snapshots	United States — us.i.posthog.com
Inngest, Inc.	Background job orchestration (provisioning, webhooks, retries)	Job payloads (may include user IDs, server IDs)	United States
Yubico AB	OTP / U2F validation for hardware-key MFA (when used)	OTP token, public ID	Sweden (EU)
Better Stack / Better Uptime	Uptime monitoring of public endpoints (status page)	None — synthetic checks only	Czech Republic (EU)
OpenAI, L.L.C.	Optional AI assistance for support triage (when explicitly enabled per ticket)	Ticket subject + body, redacted	United States — zero retention via API

INTERNATIONAL TRANSFERS

For sub-processors located outside the EEA / UK / Switzerland we rely on the EU Standard Contractual Clauses (SCCs) — Module Two (Controller → Processor) combined with supplementary technical measures (TLS 1.3 in transit, AES-256 at rest, encrypted backups). Where applicable we additionally rely on the EU–US Data Privacy Framework for transfers to certified US recipients.

CHALLENGING A SUB-PROCESSOR

You may object to our use of a particular sub-processor for legitimate reasons by emailing legal@citruxhosting.com. We will work with you in good faith — possible outcomes include moving your workload to an alternative region, terminating the contract with refund of any prepaid period, or (in rare cases) declining the objection where the sub-processor is essential to delivering the service.

DATA RETENTION SUMMARY

See the Privacy Policy — Data Retention section for the full schedule. Sub-processors hold data only as long as we instruct, with the following key windows:

• Stripe — transaction records: 7 years (US tax law)
• Clerk — auth events: 90 days, account profile: until account deletion
• Supabase — primary records: until account deletion + 30-day backup window
• Cloudflare / Vercel — request logs: 30 days
• Resend — sent email metadata: 30 days
• PostHog — product events: 12 months, session replays: 30 days

---

Last updated: 11 May 2026.