PExcis Pulse by Excis
Talk to sales Start free trial
Legal / Sub-processors

Sub-processors

Every third party that processes Customer Data on our behalf, and where they sit. We update this page at least 30 days before any change takes effect.

Last updated: 12 May 2026 · Want to be notified of changes? Email [email protected]

Scope of this list

This page lists third parties that may process Customer Data (as defined in our DPA) on Excis's behalf in delivering the Pulse product. It does not list every supplier Excis uses internally — only those that touch Customer Data.

Important: none of the Tier 1 infrastructure sub-processors below stores Customer Data outside the European Union. The operational and website tier may process limited account or support metadata in the UK, the US or India under appropriate transfer mechanisms — flagged below.

Infrastructure (Tier 1 — Customer Data)

These vendors host or directly process the data the Pulse agent produces.

Sub-processorPurposeLocationTransfer mechanism
Hetzner Online GmbH Primary compute, storage and database hosting (Pulse production) Frankfurt, Germany 🇩🇪 Within EU — none required
LeaseWeb Netherlands B.V. Disaster-recovery replica & encrypted backups Amsterdam, Netherlands 🇳🇱 Within EU — none required
Bunny.net d.o.o. Static asset CDN for dashboard JavaScript & CSS (no Customer Data passes through it) EU PoPs only (geo-restricted) Within EU — none required
Cloudflare, Inc. DDoS protection and TLS termination at marketing-site edge (Pulse ingest does not traverse Cloudflare) EU edge PoPs; metadata may be processed in the US EU SCCs (Module 2), UK Addendum, Cloudflare DPA

Operational tooling

Internal tools that may incidentally process Customer Data (e.g. when a customer attaches a screenshot to a support ticket).

Sub-processorPurposeLocationTransfer mechanism
Zammad GmbH Self-hosted support ticketing (we operate the Zammad instance ourselves) Frankfurt, Germany 🇩🇪 Within EU — none required
OVHcloud SAS Inbound & outbound transactional email for account notifications Roubaix, France 🇫🇷 Within EU — none required
Sentry GmbH (self-hosted) Application error monitoring — Pulse runs Sentry on our own EU infrastructure Frankfurt, Germany 🇩🇪 Within EU — none required
Excis Compliance Ltd. (UK & IN service desks) Excis personnel located in the UK and India may handle support tickets and view limited metadata (no production access to Customer Data) UK 🇬🇧, India 🇮🇳 UK adequacy decision; intra-group EU SCCs for India

Website & sales (no product data)

These sub-processors only touch website-visitor and prospect data — never the Pulse product dataset.

Sub-processorPurposeLocationTransfer mechanism
Plausible Insights OÜ Cookie-less analytics for this website (only loads with consent) Frankfurt, Germany 🇩🇪 Within EU — none required
HubSpot Ireland Ltd. CRM for inbound sales contacts Frankfurt, Germany (EU data centre) 🇩🇪 Within EU; HubSpot intra-group SCCs for support

Payments

Sub-processorPurposeLocationTransfer mechanism
Stripe Payments Europe Ltd. Card processing for online subscriptions Dublin, Ireland 🇮🇪 Within EU — none required
GoCardless Ltd. SEPA & BACS direct debit for European customers London, United Kingdom 🇬🇧 UK adequacy decision

Get notified of changes

The Customer is entitled, under the DPA, to at least 30 days' advance notice before Excis engages a new sub-processor that may process Customer Data. To subscribe to those notifications:

  • Email [email protected] with the subject "Subscribe to sub-processor updates" — we maintain a one-way notification list.
  • Or subscribe to the RSS feed at /legal/subprocessors.rss (coming soon).

If you object to a new sub-processor on reasonable data-protection grounds, follow the procedure in section 6 of the DPA.