Subprocessors
Every third-party vendor that operates infrastructure for rackwatch.io or processes data on our behalf. We notify B2B customers under DPA at least 30 days before adding a new subprocessor that handles their data.
Website & platform infrastructure
These vendors host or transmit the rackwatch.io marketing site and the public demo platform. They do not handle data from self-hosted RackWatch instances running on customer hardware — that data never leaves customer infrastructure.
| Vendor | Region | Purpose | What data |
|---|---|---|---|
| Railway | US | Hosts the rackwatch.io marketing site and the public demo platform instance. | HTTP request logs (IP, user agent, path, timestamp). No customer fleet telemetry. |
| Porkbun | US | Domain registrar and DNS for rackwatch.io. Email hosting for hello@/security@/privacy@rackwatch.io. | DNS queries (typical registrar logs). Mailbox contents for the email addresses we publish — only the messages you choose to send us. |
| Let's Encrypt | US | TLS certificate issuance for rackwatch.io. | Certificate-issuance metadata (domain name, public-key hash). No personal data. |
| GitHub | US | Source hosting for the open-source agent (rackwatch/rackwatch-agent) and a mirror Docker registry (ghcr.io/weyndahir/platform). |
Public source code. Image pulls (IP, timestamp). Issue/PR comments you submit. |
| Docker Hub | US | Primary Docker registry for the platform image (docker.io/rackwatch/platform, multi-arch amd64 + arm64). |
Image pulls (IP, timestamp). |
Billing & transactional email
These vendors handle subscription payments and license-key delivery. They only see data we collect during checkout and the post-purchase email — never fleet telemetry from your self-hosted RackWatch instance.
| Vendor | Region | Purpose | What data |
|---|---|---|---|
| Stripe | US | Processes subscription payments via Stripe Checkout (Payment Links). Holds card details and handles recurring billing. | Customer name, business name, billing address, email, payment-method details (card last-4 only — full PAN is held by Stripe, never reaches RackWatch). |
| Resend | US | Delivers transactional emails — license-key delivery after subscription, billing receipts. | Recipient email address, license-key value, customer name (in email greeting). No fleet data. |
Customer fleet data — explicitly not in scope
The whole point of self-hosted monitoring is that fleet telemetry doesn't leave the network you control. Servers, CPU, memory, disk, patch lists, alerts — all of that goes from your agent to your platform instance, on hardware you own. RackWatch the company never sees it. None of the subprocessors above touch it.
If you choose to host your own platform instance on a cloud provider (AWS, GCP, Hetzner, your own data center), that provider is your subprocessor, not ours.
Change notification
If we add or remove a subprocessor, B2B customers under DPA receive at least 30 days' notice via email to the account contact. The "Last updated" date at the top of this page reflects the most recent change.
Subscribe to changes by emailing privacy@rackwatch.io with subject subprocessor-list-subscribe.
Questions
Vendor-specific compliance questions, audit reports, or DPA addenda: privacy@rackwatch.io.