Subprocessors
Every third-party vendor that operates infrastructure for rackwatch.io or processes data on our behalf. We notify B2B customers under DPA at least 30 days before adding a new subprocessor that handles their data.
Website & platform infrastructure
These vendors host or transmit the rackwatch.io marketing site and the public demo platform. They do not handle data from self-hosted RackWatch instances running on customer hardware — that data never leaves customer infrastructure.
| Vendor | Region | Purpose | What data |
|---|---|---|---|
| Railway | US | Hosts the rackwatch.io marketing site and the public demo platform instance. | HTTP request logs (IP, user agent, path, timestamp). No customer fleet telemetry. |
| Porkbun | US | Domain registrar and DNS for rackwatch.io. Email hosting for hello@/security@/privacy@rackwatch.io. | DNS queries (typical registrar logs). Mailbox contents for the email addresses we publish — only the messages you choose to send us. |
| Let's Encrypt | US | TLS certificate issuance for rackwatch.io. | Certificate-issuance metadata (domain name, public-key hash). No personal data. |
| GitHub | US | Source hosting for the open-source agent (rackwatch/rackwatch-agent) and Docker registry for the platform image (ghcr.io). |
Public source code. Image pulls (IP, timestamp). Issue/PR comments you submit. |
Billing & payment
Billing is not yet enabled. The free Homelab tier is the only active offering today. The processor below will be added once paid plans launch — listed here for transparency.
| Vendor | Region | Purpose | What data |
|---|---|---|---|
| [Stripe / Paddle — TBD] | — | Processes subscription payments. May act as Merchant of Record (Paddle) for global tax remittance. | Customer name, billing address, VAT/tax ID, payment-method details (card last-4 only — full PAN is held by the processor, not us). |
Customer fleet data — explicitly not in scope
The whole point of self-hosted monitoring is that fleet telemetry doesn't leave the network you control. Servers, CPU, memory, disk, patch lists, alerts — all of that goes from your agent to your platform instance, on hardware you own. RackWatch the company never sees it. None of the subprocessors above touch it.
If you choose to host your own platform instance on a cloud provider (AWS, GCP, Hetzner, your own data center), that provider is your subprocessor, not ours.
Change notification
If we add or remove a subprocessor, B2B customers under DPA receive at least 30 days' notice via email to the account contact. The "Last updated" date at the top of this page reflects the most recent change.
Subscribe to changes by emailing privacy@rackwatch.io with subject subprocessor-list-subscribe.
Questions
Vendor-specific compliance questions, audit reports, or DPA addenda: privacy@rackwatch.io.