Image-Charts GDPR sub-processor

Last update: 21 May 2026

Image-Charts engages the third-party sub-processors listed below to operate the chart and QR code rendering API. This page publishes the current list under the general written authorisation set out in our Data Processing Addendum (DPA), in accordance with Article 28(2) of the General Data Protection Regulation.

Subprocessor	Country of processing
Google Inc.	USA, Europe, Asia

Processing of Customer Content: We work with various subprocessors that monitor, maintain and otherwise support the Application Services. In order to provide this functionality these subprocessors may, but not necessarily will, have access to Customer Content:

For any question on this list, to receive the DPA template, or to request copies of the Standard Contractual Clauses: dpo@image-charts.com.

Sub-processor	Service	Country	Transfer mechanism
Google LLC / Google Cloud EMEA Limited	Infrastructure, monitoring and reporting	European Union (Belgium, Frankfurt)	EU storage. For support access from outside the EEA: EU-US Data Privacy Framework + Standard Contractual Clauses (Module 3).
Cloudflare, Inc.	DNS, CDN, TLS termination, edge security	Global edge (transient, no persistent storage)	EU-US Data Privacy Framework + Standard Contractual Clauses (Module 3).
GitLab, Inc.	Backend repository and CI/CD for the Image-Charts Platform. No Subscriber Content processed.	United States	Standard Contractual Clauses (Module 3) under the GitLab DPA.

What are your sub-processors, as defined by the GDPR?

Chart API

Product

SDKs

Integrations

Company

Newsletter - Changelog