Sub-processor List
Third-party services that process personal data on behalf of WORQABLE BV (operator of QRabl).
Sub-processor List
The QRabl Service is operated by WORQABLE BV (Kerkstraat 120, 2060 Antwerp, Belgium — BCE 0746.698.674). This page lists every Sub-processor we engage to provide the Service. Our data plane is EU-resident end-to-end: database, authentication, file storage, web hosting, email, analytics, billing, and bot protection all run on our own infrastructure in Germany or on EU-hosted partners. The only exceptions are AI inference and embeddings, where we use US-based providers under SCCs and the EU-US Data Privacy Framework.
We notify Customers at least 30 days before adding a new Sub-processor (per §4.4 of the Algemene Voorwaarden and the DPA).
Current Sub-processors
| Sub-processor | Purpose | Personal data processed | Hosting / location | Country of processing | Transfer mechanism | Sub-processor's DPA |
|---|---|---|---|---|---|---|
| Supabase (self-hosted) | Database, authentication, file storage | All platform data | Hetzner Falkenstein, Germany | DE | EU residency | Self-hosted (operated by WORQABLE) |
| Coolify (self-hosted) | Web application hosting | HTTP request logs, runtime | Hetzner Falkenstein, Germany | DE | EU residency | Self-hosted (operated by WORQABLE) |
| Mailjet (Sinch) | Transactional + marketing email | Email addresses, names, company | Paris, France | FR | EU residency | mailjet.com/legal/dpa |
| Umami (self-hosted) | Cookieless web analytics | Aggregate page-views (no PII) | Hetzner Falkenstein, Germany (analytics.worqable.com) | DE | EU residency | Self-hosted |
| WQ SaaS (self-hosted) | Billing engine (ERPNext-backed) | Subscription, invoices, VAT data, Peppol metadata | Hetzner Falkenstein, Germany (erp.worqable.com) | DE | EU residency | Self-hosted |
| ALTCHA (self-hosted) | Proof-of-work bot protection | Challenge tokens (no PII) | Hetzner Falkenstein, Germany (altcha.worqable.com) | DE | EU residency | Self-hosted |
| Sentry | Error monitoring (opt-in) | Error stack traces (no user PII by configuration) | EU region | EU | EU residency (Sentry EU SaaS) | sentry.io/legal |
| Anthropic, PBC | AI features — consumer chat + dashboard copilot + RAG inference | Label content, consumer chat messages, dashboard prompts | United States | US | EU-US DPF + SCCs (Module 2, Decision 2021/914) | anthropic.com/legal/commercial-terms + Workspace API DPA |
| OpenAI, L.L.C. | AI embeddings only (RAG vector search) | Text chunks for embedding | United States | US | EU-US DPF + SCCs (Module 2) — Zero Data Retention enabled where supported | openai.com/policies/data-processing-addendum |
| DeepL SE | Premium translation engine (opt-in) | Product text for translation | Cologne, Germany | DE | EU residency | deepl.com/en/pro-data-security |
| Pexels GmbH | Stock image search proxy (server-side) | Search keywords (no user PII) | EU endpoint | EU | EU residency | Pexels Pro Terms |
Infrastructure provider (not a Sub-processor of personal data)
| Provider | Purpose | Data processed |
|---|---|---|
| Hetzner Online GmbH | Bare-metal server hosting (compute + storage) | Storage of encrypted volumes; no logical access to personal data on WORQABLE's behalf |
Hetzner provides infrastructure-as-a-service (rack space, power, network, hypervisor). Under Article 28 GDPR + EDPB Guidelines 7/2020 on the concepts of controller and processor, infrastructure providers that do not access the data plane on the controller's behalf are not Sub-processors of the Customer's personal data. We disclose Hetzner here for transparency.
Hetzner certifications: ISO 27001, ISO 9001. EU-resident jurisdiction. SCCs not required (EU-internal).
Customer choice — what's optional, what's not
- AI features are optional. You can disable AI (consumer chat, dashboard copilot, translation) at any time via Settings → Privacy & Data. With AI disabled, no data is sent to Anthropic, OpenAI, or DeepL.
- BYOK (Enterprise). Enterprise customers may provide their own Anthropic or OpenAI API keys via the platform. In that case QRabl never sees the AI usage and you become the deployer-of-record for the AI under the EU AI Act (§13.3 AV).
- Sentry is opt-in. Error reporting runs only when the relevant environment variable is configured on the deployment. Disabled by default.
- DeepL is opt-in. Premium translation routes via DeepL only when explicitly chosen by the Customer; otherwise translation uses Anthropic Claude Haiku (no DeepL transfer).
- Pexels is server-side only; we proxy keyword searches and serve results, no consumer PII is shared.
EU-US Data Privacy Framework status
We verify DPF certification of US Sub-processors quarterly via dataprivacyframework.gov:
- Anthropic, PBC — DPF-certified.
- OpenAI, L.L.C. — DPF-certified.
Standard Contractual Clauses
Where a Sub-processor is outside the EEA, transfers are made under SCCs Module 2 (controller-to-processor) of Implementing Decision (EU) 2021/914. The SCCs are referenced in DPA Annex 2; the Transfer Impact Assessment template is at DPA Annex 3.
Changes to Sub-processors
- Last updated: 28 April 2026.
- Notification period: 30 days before any new Sub-processor is added (per §4.4 AV).
- Recent material change (April 2026): Database + web hosting migrated from Supabase Cloud (AWS eu-central-1) and Netlify to self-hosted on Hetzner Germany; Resend replaced by Mailjet; Mollie replaced by self-hosted WQ SaaS; Google Analytics replaced by self-hosted Umami. Net effect: fewer third-party Sub-processors, full EU data residency, no hyperscaler dependency.
- Objection process: contact privacy@qrabl.eu within 30 days of any new Sub-processor notification.
Contact
Sub-processor inquiries: privacy@qrabl.eu.