# Thauth Subprocessor Policy _Last Updated: April 22, 2026_ This Subprocessor Policy describes the third-party service providers (“Subprocessors”) that Thauth (“Thauth”, “we”, “us”) engages to process Customer Data on behalf of its customers. This Policy applies in conjunction with the Terms of Service and Data Processing Agreement (“DPA”). --- ## 1. Purpose Thauth uses Subprocessors to support the delivery, operation, and security of the Service. Subprocessors may process Customer Data only for the specific purposes described in this Policy. --- ## 2. Subprocessor Definition A “Subprocessor” is any third party engaged by Thauth to process Customer Data on behalf of Customers. --- ## 3. Current Subprocessors Thauth currently uses the following Subprocessors: | Subprocessor | Purpose | Data Involved | |-------------|--------|--------------| | Contabo | Infrastructure hosting (VPS, storage) | Customer Data, logs, system data | | Polar | Payment processing (Merchant of Record) | Billing data, customer account data | | Resend | Transactional email delivery | Email addresses, communication data | --- ## 4. Subprocessor Obligations Thauth ensures that each Subprocessor: - Processes data only on documented instructions - Implements appropriate security measures - Is bound by contractual obligations consistent with this Policy and the DPA - Provides sufficient guarantees of data protection compliance Thauth remains responsible for the performance of its Subprocessors. --- ## 5. Changes to Subprocessors Thauth may update its list of Subprocessors from time to time. Where required by applicable law or contractual commitments: - Customers will be notified of material changes - Notification may be provided via: - Email - Dashboard notice - Public update to this Policy --- ## 6. Customer Objection Rights Where required by applicable data protection laws: - Customers may object to the addition of a new Subprocessor on reasonable grounds related to data protection If an objection is raised: - Thauth will work in good faith to address concerns - If no resolution is possible, Customer may discontinue use of the Service --- ## 7. International Data Transfers Subprocessors may process data outside the Customer’s jurisdiction. Where required, Thauth ensures that appropriate safeguards are in place, including: - Standard Contractual Clauses (SCCs) - Equivalent legal mechanisms --- ## 8. Data Access and Minimization Subprocessors are granted access only to the data necessary to perform their specific function. Thauth applies principles of: - Data minimization - Purpose limitation --- ## 9. Security and Compliance Thauth selects Subprocessors based on their ability to support: - Secure infrastructure - Reliable service delivery - Compliance with applicable data protection laws --- ## 10. Relationship with DPA This Policy supplements the Data Processing Agreement. In the event of conflict, the DPA shall prevail. --- ## 11. Updates This Subprocessor Policy may be updated from time to time. The latest version will always be available publicly.