Data Processing
Last updated: June 11, 2026
This is a courtesy translation. The German version is the legally binding document.
Overview
When your organization uses Relpin to build and run internal tools, your organization is the controller of the data processed in its applications, and Relpin acts as a processor within the meaning of Art. 28 GDPR. This page summarizes how that processing is organized and which subprocessors are involved.
Data Processing Agreement (DPA)
We offer a Data Processing Agreement (Auftragsverarbeitungsvertrag, AVV) pursuant to Art. 28 GDPR to all customers. To execute a DPA for your organization, contact us at privacy@relpin.com. Where subprocessors are based outside the EU/EEA, transfers are safeguarded by EU Standard Contractual Clauses (Art. 46(2)(c) GDPR).
Subprocessors
We use the following subprocessors to provide the Service:
| Provider | Purpose | Location / Safeguard |
|---|---|---|
| Cloudflare, Inc. | Hosting, CDN, edge runtime, artifact storage, build and preview sandboxes | Global network; EU Standard Contractual Clauses in place |
| Neon, Inc. | PostgreSQL databases (control plane and per-organization data plane) | EU region — Frankfurt am Main, Germany (AWS eu-central-1) |
| Upstash, Inc. | Session store and rate limiting (Redis) | EU Standard Contractual Clauses in place |
| Polar Software, Inc. | Payment processing and subscription billing (merchant of record) | Processes payment data under its own privacy policy |
If your organization enables AI-assisted authoring, requests are sent to the AI provider configured by your organization using your organization's own credentials. The provider your organization selects processes those requests under its own terms.
Data Residency & Isolation
Application and database data is stored in the EU (Frankfurt am Main, Germany). Each organization receives a dedicated Postgres database with per-environment schemas. Secrets are referenced server-side only and never reach the browser or user code. Row-level changes are captured in an append-only audit table enforced by database privileges.
Changes to This List
We update this page when subprocessors are added or replaced. Customers with an executed DPA are notified of material changes in advance and may object as provided in the DPA.
Contact
Kaiser-Joseph-Str. 254
79098 Freiburg im Breisgau
Germany
Email: privacy@relpin.com
Last updated: June 11, 2026