Last updated: 2026-04-21 · Version: 1.0
This page lists all third-party services ("Sub-processors") that EGGlogU / FarmLogU engages to help deliver the Service. Each Sub-processor has access only to the data strictly necessary for their function, and each is bound by confidentiality and data-protection obligations.
Notice of new Sub-processors: We will post new Sub-processors here at least
30 days before engaging them. Customers under a Data Processing Agreement (DPA) may object on reasonable data-protection grounds during that window by writing to
[email protected] .
Infrastructure & hosting
Sub-processor Purpose Location Data processed DPA / Legal
Hetzner Online GmbH Primary VPS hosting, database, application runtime
Germany (EU) All production data (encrypted at rest)
DPA
Cloudflare, Inc. CDN, DDoS protection, DNS, WAF, Pages hosting (frontend)
Global edge IP addresses, user-agents, request logs (90-day retention)
DPA
Authentication & identity
Sub-processor Purpose Location Data processed DPA / Legal
Google LLC OAuth 2.0 identity provider (optional sign-in with Google)
USA (SCCs) Email, name, profile picture (only with user consent)
DPA
Apple Inc. Sign in with Apple (optional)
USA (SCCs) Anonymous relay email, name (user's choice)
Apple Developer Agreement
Microsoft Corporation Microsoft OAuth (optional)
USA (SCCs) Email, name (only with user consent)
DPA
Payments
Sub-processor Purpose Location Data processed DPA / Legal
Stripe, Inc. Payment processing, subscription management, invoicing
USA, Ireland (EU) Name, billing address, email, card data (tokenized — never stored by us)
DPA
Communications
Sub-processor Purpose Location Data processed DPA / Legal
Resend, Inc. Transactional email (signup verification, password reset, invoices)
USA (SCCs) Email address, email content
DPA
AI & machine learning
Sub-processor Purpose Location Data processed DPA / Legal
Anthropic, PBC Claude API — LogU AI (veterinary Q&A), Vision OCR (photo-reading), AI-assisted features
USA (SCCs) User questions, farm context snippets, photo content (termómetro/higrómetro only). No training on customer data per Anthropic policy.
DPA
Observability & monitoring
Sub-processor Purpose Location Data processed DPA / Legal
Functional Software, Inc. (Sentry) Error tracking, performance monitoring
USA (SCCs) Error messages, stack traces, user-agent, URL, anonymized user ID
DPA
UptimeRobot Uptime monitoring (public endpoints only)
USA No personal data — only HTTP probes to public URLs
Terms
Not a Sub-processor
Services below interact with our system but do not process Personal Data on our behalf:
GitHub — source code hosting (we push code; GitHub sees code, not customer data)Anthropic Claude Code — developer AI tool (sees our code/docs; not customer data)INAPI (Chile) — trademark registryAdvisor services, legal counsel — under separate confidentiality
Data flows summary
Customer data flows for a typical user interaction:
Customer browser
→ Cloudflare edge (caches static assets)
→ Hetzner VPS (EGGlogU backend)
→ PostgreSQL (user data, encrypted at rest)
→ Redis (cache, rate limits — short-lived)
→ Qdrant (LogU RAG vectors — public domain knowledge only)
→ Anthropic API (LogU AI text) [SCCs]
→ Anthropic API (Vision OCR) [SCCs]
→ Stripe API (billing) [own DPA]
→ Resend API (emails) [SCCs]
→ Sentry (on errors only) [SCCs]
Data retention
Data type Retention Active customer data For duration of subscription + 30 days after cancellation Backups 14 days rolling Audit logs (mutations) 7 years (compliance) Access logs 90 days AI conversation logs (LogU) 90 days Sentry error data 90 days Uptime metrics 365 days
Questions about sub-processors or to object to a new one: [email protected]
© 2026 EGGlogU — A FarmLogU product