Sub-processors
Last updated: 9 July 2026
Where ProofProtect processes personal data on behalf of a Customer (see our Privacy Policy and Data Processing Agreement), we engage the following sub-processors. Each is bound by a data-processing agreement with protections consistent with ours, including Standard Contractual Clauses for transfers out of the EU/UK where required.
| Sub-processor | Purpose | Personal data involved | Location |
|---|---|---|---|
| Stripe, Inc. | Payment processing, subscriptions, and marketplace payouts (Stripe Connect) | Billing name/email, payment method details (card data is held by Stripe, never by us), transaction history | United States / global |
| Cloudflare, Inc. (R2) | Object storage and delivery of gallery content; CDN and network security | Uploaded photographs and packaged media, storage metadata | Region-pinned buckets: Oceania, North America, Asia-Pacific, Western & Eastern Europe (chosen by uploader location) |
| Amazon Web Services (S3, Secrets Manager) | Legacy object storage and infrastructure secrets management | Uploaded photographs (legacy galleries), infrastructure configuration | Australia (ap-southeast-2) |
| Resend, Inc. | Transactional and (opt-in) product-update email delivery | Recipient name and email address, email content | United States |
| Intercom, Inc. | In-product support chat (loads only with cookie consent) | Name, email, and messages of users who use the messenger | United States / EU |
| Axinom GmbH | Widevine DRM licence issuance for protected gallery playback | Content-key requests (device DRM identifiers); no account identity is shared | Germany / EU |
Self-hosted components — our application servers, PostgreSQL database, FairPlay licence server, and media-packaging pipeline — run on infrastructure we operate and are not third-party sub-processors.
Change notifications
We update this page before engaging a new sub-processor. Customers who want advance notice by email can subscribe by writing to support@guardedcontent.com.auwith the subject “Sub-processor notifications”. If you object to a new sub-processor on reasonable data-protection grounds, contact us and we will work with you on a resolution as described in the DPA.