Trust & Compliance
Sub-processors
SikkerKey engages the following third-party sub-processors for the provision of the Service. Each processes data on our behalf under a data processing agreement compliant with Article 28 of the GDPR. This register is updated when sub-processors change; material changes are communicated at least 30 days in advance.
Sub-processor register
3 ACTIVE · GDPR ART. 28
| Sub-processor | Purpose | Data processed | Location | Transfer mechanism |
|---|---|---|---|---|
Hetzner Online GmbHwww.hetzner.com | Production infrastructure hosting (application servers, databases, file storage) | Production application data, including encrypted secrets, account data, audit logs, and session data. Database backups are stored on SikkerKey-operated infrastructure (see below). | Germany · EU Germany (EU) | Not applicable (data remains in the EU) |
Cloudflare, Inc.www.cloudflare.com | DNS, DDoS protection, CDN, and TLS termination | IP addresses, HTTP request metadata (headers, paths, methods), and TLS connection data in transit | Global edge Global edge network. TLS termination occurs at the Cloudflare POP nearest the connecting client, which may be located outside the EU. | Standard Contractual Clauses + EU-U.S. Data Privacy Framework |
Stripe, Inc.stripe.com | Payment processing, subscription billing, and invoice management | Email address, Stripe customer ID, subscription metadata. Payment card details, billing addresses, and invoices are managed exclusively by Stripe and are never stored on SikkerKey systems. | United States United States (EU-U.S. Data Privacy Framework) | Standard Contractual Clauses + EU-U.S. Data Privacy Framework |
Self-operated infrastructure
In addition to the third-party sub-processors above, SikkerKey operates the following infrastructure directly. No third party processes data on our behalf at this location.
- Backup server. Encrypted backups are kept on a server SikkerKey owns and runs directly, in Denmark (EU). It is kept separate from any hosting provider, and no sub-processor can reach it. The backups use the same encryption as live data, so the media on its own can't be read.
Data not shared with sub-processors
The data most worth protecting never reaches a sub-processor at all.
- Your secrets. Where your secrets are stored, they sit encrypted, and the keys that unlock them are kept apart from the stored data and never handed to a provider. A provider that can see the stored data still can't read what's inside.
- Your machine keys. Each machine's Ed25519 private key is created on that machine and never leaves it. SikkerKey only receives the public half, which can't be used to act as your machine.
- Your IP addresses. When SikkerKey checks where a request came from, the lookup runs on our own servers. Your IP addresses are never sent to an outside location service.