Subprocessors List
1. Introduction
This document lists all third-party subprocessors engaged by Browser.lol (operated by Zesiger.net Individual Enterprise) to process personal data on behalf of our customers. We maintain strict controls over all subprocessors to ensure they meet our security and privacy standards.
Each subprocessor has been carefully vetted and is contractually bound to protect customer data in accordance with applicable data protection laws, including GDPR and Swiss FADP.
This list is updated whenever we engage new subprocessors or make changes to existing ones. Customers will be notified at least 30 days in advance of any changes.
2. Change Notification Process
2.1. How We Notify You
When we intend to add or replace a subprocessor, we will notify you through:
- Email notification to your registered account email address
- Dashboard notification within your account
- An update to this page, reflected in the "Last Updated" date
2.2. Your Right to Object
You have 30 days from our notification to object to the addition or replacement of a subprocessor on reasonable grounds relating to data protection. To object:
- Email [email protected] within 30 days
- Provide specific data protection concerns about the subprocessor
- We will discuss your concerns in good faith and seek a resolution
- If no resolution can be reached, you may terminate the affected Services without penalty
3. Infrastructure and Hosting Providers
Hetzner Online GmbH
Service: Primary data storage and infrastructure hosting
Data Processed: All customer data, databases, user accounts, session data, billing information, workspace metadata
Purpose: Exclusive data storage location and primary infrastructure provider for EU customers
Location: Helsinki, Finland (EU)
Data Transfer Mechanism: EU-based (no cross-border transfer)
Security Certifications: ISO 27001, various compliance standards
Privacy Policy: https://www.hetzner.com/legal/privacy-policy
OVHcloud
Service: Browser workspace compute for US customers (compute only, no persistent data storage)
Data Processed: Temporary browser session compute only. All persistent data remains in Helsinki.
Purpose: Low-latency browser workspace provisioning for US-based customers
Location: Hillsboro, Oregon, USA
Data Transfer Mechanism: Standard Contractual Clauses (SCCs)
Security Certifications: ISO 27001, SOC 2, various compliance standards
Privacy Policy: https://www.ovhcloud.com/en/personal-data-protection/
4. Payment Processing
Stripe, Inc.
Service: Payment processing and subscription management
Data Processed: Payment card metadata (last 4 digits, expiration, card type), billing information, transaction history, customer ID
Purpose: Process payments, manage subscriptions, prevent fraud
Location: United States (global operations)
Data Transfer Mechanism: EU-U.S. Data Privacy Framework (DPF), Standard Contractual Clauses
Security Certifications: PCI DSS Level 1, ISO 27001, SOC 2
Note: Stripe acts as an independent data controller for certain processing activities
Privacy Policy: https://stripe.com/privacy
5. Content Delivery and Security Services
Cloudflare, Inc.
Service: CDN, DNS, DDoS protection, Web Application Firewall (WAF), bot detection (Turnstile)
Data Processed: IP addresses, browser metadata, security logs, request headers, cookies
Purpose: Website performance optimization, security enhancement, threat protection, bot detection
Location: United States (global CDN network)
Data Transfer Mechanism: EU-U.S. Data Privacy Framework, Standard Contractual Clauses
Security Certifications: ISO 27001, SOC 2, PCI DSS
Privacy Policy: https://www.cloudflare.com/privacypolicy/
6. Analytics and Advertising Services
Google LLC (Google Analytics & Google Ads)
Service: Website analytics and advertising conversion tracking
Data Processed: IP addresses (anonymized), cookie identifiers, browser info, pages visited, session duration, conversion events
Purpose: Understand user behavior, improve services, measure advertising effectiveness
Location: United States (global operations)
Data Transfer Mechanism: EU-U.S. Data Privacy Framework, Standard Contractual Clauses
Tracking ID: AW-16989828804
Privacy Policy: https://policies.google.com/privacy
Opt-out: Google Analytics Opt-out Add-on
Playwire LLC
Service: Advertising platform for free tier users
Data Processed: IP addresses, cookies, browser and device information, ad interaction data (clicks, views)
Purpose: Display advertisements, measure ad performance, support free tier service
Location: United States
Data Transfer Mechanism: Standard Contractual Clauses
Privacy Policy: https://www.playwire.com/privacy-policy
8. AI and Machine Learning Services
OpenAI, L.L.C.
Service: AI-powered email analysis and content summarization
Data Processed: Email content (when using integrated mail service), user queries submitted for AI processing
Purpose: Provide AI-powered email summaries, content analysis, automated support features
Location: United States
Data Transfer Mechanism: Standard Contractual Clauses, data processing agreements
Note: Data sent to OpenAI is processed according to their data processing terms and is not used to train models
Privacy Policy: https://openai.com/privacy/
OpenRouter.ai
Service: AI model access proxy
Data Processed: AI queries and content submitted for processing
Purpose: Provide access to various AI models for content processing
Location: United States
Data Transfer Mechanism: Standard Contractual Clauses
Privacy Policy: https://openrouter.ai/privacy
Google LLC (Gemini AI)
Service: AI-powered content analysis
Data Processed: Content submitted for AI analysis, user queries
Purpose: Provide AI-enhanced features and content analysis
Location: United States (global operations)
Data Transfer Mechanism: EU-U.S. Data Privacy Framework, Standard Contractual Clauses
Privacy Policy: https://policies.google.com/privacy
AI Terms: https://ai.google.dev/gemini-api/terms
9. Security and Verification Services
Email Verification Services
Service: Email address validation and verification (including Reoon Email Verifier and others)
Data Processed: Email addresses provided during registration
Purpose: Verify email validity, detect disposable email services, prevent fraudulent registrations
Location: Various (processed locally and via third-party APIs)
Note: Email addresses are processed only for verification and not stored by verification services
IP Address Analysis Services
Service: IP address verification and VPN/proxy detection
Data Processed: IP addresses, geolocation data, network characteristics
Purpose: Detect fraudulent traffic, prevent abuse, enhance platform security
Location: Processed locally using databases
Note: Analysis performed primarily using local databases to maintain privacy
10. Summary Table
| Subprocessor | Category | Location | Transfer Mechanism |
|---|---|---|---|
| Hetzner | Infrastructure | Helsinki, Finland (EU) | EU-based |
| OVHcloud | Infrastructure | Hillsboro, USA | SCCs |
| Stripe | Payment Processing | United States | DPF, SCCs |
| Cloudflare | CDN/Security | United States | DPF, SCCs |
| Google (Analytics/Ads) | Analytics | United States | DPF, SCCs |
| Playwire | Advertising | United States | SCCs |
| OpenAI | AI Services | United States | SCCs, DPA |
| OpenRouter | AI Services | United States | SCCs |
| Google (Gemini) | AI Services | United States | DPF, SCCs |
SCCs = Standard Contractual Clauses | DPF = EU-U.S. Data Privacy Framework | DPA = Data Processing Agreement
11. Questions and Contact
For questions about our subprocessors or to exercise your right to object:
Data Protection Officer: [email protected]
Postal Address: Data Protection Officer, c/o Janis Zesiger, Mügeri 340, 5046 Schmiedrued, Switzerland
For more information about data processing, see our Privacy Policy.
Last Updated: November 14, 2025