Data Subprocessors
Last Updated: October 6, 2025
Overview
Achilleus uses the following third-party service providers ("subprocessors") to help deliver our security monitoring service. Each subprocessor has been carefully selected and operates under strict data protection agreements.
Active Subprocessors
1. Stripe, Inc.
- Purpose: Payment processing and subscription management
- Data Processed: Name, email address, payment card information
- Location: United States (with EU data residency options)
- Safeguards: PCI DSS Level 1 certified, EU-US Data Privacy Framework, Standard Contractual Clauses
- Privacy Policy: https://stripe.com/privacy
2. Resend
- Purpose: Transactional email delivery
- Data Processed: Email address, name, notification preferences
- Location: European Union
- Safeguards: GDPR compliant, Data Processing Agreement in place
- Privacy Policy: https://resend.com/legal/privacy-policy
3. Laravel Cloud / AWS
- Purpose: Cloud infrastructure and hosting
- Data Processed: All application data (user accounts, domains, scan results)
- Location: European Union regions (primary)
- Safeguards: SOC 2 Type II, ISO 27001 certified, encryption at rest and in transit
- Privacy Policy: https://aws.amazon.com/privacy/
4. PostgreSQL Database
- Purpose: Primary data storage
- Data Processed: All application data
- Location: European Union (managed by Laravel Cloud/AWS)
- Safeguards: Encrypted at rest, access controls, automated backups
- Documentation: Part of Laravel Cloud infrastructure
Subprocessor Changes
We will notify customers of any new subprocessors or changes to existing ones by:
- Updating this page with 30 days advance notice
- Email notification for material changes
- Providing opportunity to object before changes take effect
Data Processing Agreements
We maintain Data Processing Agreements (DPAs) with all subprocessors that handle personal data. Enterprise customers may request copies by contacting support@achilleus.so.
Contact
For questions about our subprocessors: support@achilleus.so