Last updated: June 8, 2026
Where you use LeakRadar to monitor your organisation’s domains and assets, RADAR FORGE (operating LeakRadar) acts as your data processor and engages the third-party sub-processors below to help deliver the service. This page reproduces Annex 2 of our Data Processing Agreement; in case of any conflict, the DPA prevails.
Personal data central to the service (account and monitoring data) is hosted within the EU/EEA. Some sub-processors are located outside the EEA or may process limited data (such as an email address, IP address or support-chat content) outside the EEA; where that happens, an appropriate Chapter V GDPR transfer mechanism applies, as shown in the table.
| Sub-processor | Purpose | Location | Transfer mechanism |
|---|---|---|---|
| Hetzner Online GmbH | Hosting and infrastructure (data centre: Finland) | Germany / Finland | Intra-EU/EEA |
| OVH SAS | Hosting and infrastructure | France | Intra-EU/EEA |
| Stripe Payments Europe, Ltd. | Card payment processing | Ireland | Intra-EU/EEA |
| Railsware Products Studio LLC (Mailtrap) | Transactional email delivery | USA | EU-U.S. Data Privacy Framework |
| Zoho Corporation B.V. (Zoho Mail) | Business email hosting (contact@leakradar.io inbox) | Netherlands | Intra-EU/EEA; EU-U.S. DPF / SCCs for any US group-entity access |
| PostHog, Inc. (PostHog Cloud EU) | Product analytics | Germany / Frankfurt | Intra-EU/EEA |
| Google Ireland Limited / Google LLC (Google Analytics, Google Ads) | Audience analytics and advertising conversion measurement (public website and members application) | Ireland / USA | EU-U.S. Data Privacy Framework (Google LLC) / SCCs |
| tawk.to Inc. | Live chat and customer support | USA | EU-U.S. DPF / SCCs |
| Cloudflare, Inc. | CDN, DNS and network security | EU / USA | EU-U.S. DPF / SCCs |
| FD Transfers LLC (NOWPayments) | Cryptocurrency payment processing | Saint Vincent and the Grenadines | SCCs |
| Slack Technologies LLC | Optional notification channel (Controller-operated webhook) | USA | SCCs |
| Discord Inc. | Optional notification channel (Controller-operated webhook) | USA | EU-U.S. DPF / SCCs |
| Telegram FZ-LLC | Optional notification channel (Controller-operated bot/webhook) | United Arab Emirates | Channel selected and operated by the Controller |
Notification channels (Slack, Discord, Telegram and any webhook endpoint) are activated only where you configure them in your account, including the level of detail transmitted. Where you route credential-level notifications to a channel of your choice, you act as the operator of that channel and remain responsible for the lawfulness of the resulting onward processing. To keep credential-level detail within the EEA, configure email or webhook endpoints you operate in the EEA and do not activate channels such as Telegram, Discord or Slack for credential-level payloads.
We notify customers at least thirty (30) days before adding or replacing a sub-processor, giving you the opportunity to object on reasonable data-protection grounds (DPA, Section 6.2). To receive change notices, write to contact@leakradar.io.