Reglyze

Data Processing Agreement (DPA)

Last updated : 16 de julho de 2026

When you use Reglyze to manage your organisation's compliance, you are the data controller and Reglyze acts as a processor under Article 28 GDPR. This document describes that processing. A signable version is available on request at [email protected].

Subject-matter and duration

Reglyze processes your organisation's data solely to provide the service, for the duration of your subscription and per your documented instructions.

Nature of the data

Your organisation's compliance data: assessments, documents, incidents, suppliers, and data of members you invite (name, email, role).

Our commitments

  • Confidentiality and processing on your instructions only.
  • Appropriate technical and organisational security measures.
  • Assistance with your obligations (data-subject rights, breaches, impact assessments).
  • Notification without undue delay in case of a data breach.
  • Deletion or return of data at the end of the contract.

Sub-processors

We use the sub-processors listed below. We will inform you of any change so you can object. Transfers outside the EU rely on appropriate safeguards.

Sub-processor list

Sub-processorPurposeLocation
Hetzner Online GmbHApplication & database hostingGermany (EU)
Scaleway SASEncrypted backup storageFrance (EU)
Cloudflare, Inc.CDN, network & reverse-proxy protectionUnited States / global network
Stripe Payments Europe, Ltd.Payment & billing processingIreland (EU) / United States
Anthropic, PBCAI document generation & analysisUnited States
Mistral AI SASAI generation (sovereign migration in progress)France (EU)
Voyage AISemantic embeddings of the regulatory knowledge baseUnited States
Resend, Inc.Transactional email deliveryUnited States
Calendly, LLCMeeting scheduling (public site only)United States

Transfers to sub-processors outside the EU rely on appropriate safeguards (Standard Contractual Clauses and/or the EU-US Data Privacy Framework).