Data Processing Agreement (DPA)
Last updated : 16 luglio 2026
When you use Reglyze to manage your organisation's compliance, you are the data controller and Reglyze acts as a processor under Article 28 GDPR. This document describes that processing. A signable version is available on request at [email protected].
Subject-matter and duration
Reglyze processes your organisation's data solely to provide the service, for the duration of your subscription and per your documented instructions.
Nature of the data
Your organisation's compliance data: assessments, documents, incidents, suppliers, and data of members you invite (name, email, role).
Our commitments
- Confidentiality and processing on your instructions only.
- Appropriate technical and organisational security measures.
- Assistance with your obligations (data-subject rights, breaches, impact assessments).
- Notification without undue delay in case of a data breach.
- Deletion or return of data at the end of the contract.
Sub-processors
We use the sub-processors listed below. We will inform you of any change so you can object. Transfers outside the EU rely on appropriate safeguards.
Sub-processor list
| Sub-processor | Purpose | Location |
|---|---|---|
| Hetzner Online GmbH | Application & database hosting | Germany (EU) |
| Scaleway SAS | Encrypted backup storage | France (EU) |
| Cloudflare, Inc. | CDN, network & reverse-proxy protection | United States / global network |
| Stripe Payments Europe, Ltd. | Payment & billing processing | Ireland (EU) / United States |
| Anthropic, PBC | AI document generation & analysis | United States |
| Mistral AI SAS | AI generation (sovereign migration in progress) | France (EU) |
| Voyage AI | Semantic embeddings of the regulatory knowledge base | United States |
| Resend, Inc. | Transactional email delivery | United States |
| Calendly, LLC | Meeting scheduling (public site only) | United States |
Transfers to sub-processors outside the EU rely on appropriate safeguards (Standard Contractual Clauses and/or the EU-US Data Privacy Framework).