Legal
Sub-processors
This page lists every third party that processes Customer Data on watchtower's behalf, the purpose for which they process, and where they process. It is referenced by the Data Processing Agreement Section 5.
Watchtower notifies Customer at least 30 days before adding or replacing a Sub-Processor. Customer may object on reasonable data protection grounds within 14 days.
Current Sub-Processors
| Sub-Processor | Purpose | Location | Categories of data | Status |
|---|---|---|---|---|
| Hetzner Online GmbH | Hosting infrastructure (VMs, block storage, off-host backup target) for the cloud production deployment | Nuremberg, Germany (EEA) | All Customer Data at rest | Active |
| Sentry, Inc. | Error telemetry per the observability runbook | United States | Stack traces; request metadata; NO request body content; NO Customer Data marked as PII by configuration | Active when SENTRY_DSN is configured; Customer may instruct disablement |
| Microsoft Corporation | Source system for tenant configuration data Customer authorises watchtower to read; not a watchtower sub-processor in the strict GDPR sense (the customer-Microsoft relationship is independent) but listed for transparency | EU or US, per Customer's Microsoft tenancy | Microsoft 365 / Entra tenant configuration polled by watchtower | Active for every customer (the service does not function without Microsoft access) |
| GitHub, Inc. | Source-code hosting; does not process Customer Data | United States | Code only; no Customer Data | Active |
| Let's Encrypt (Internet Security Research Group) | TLS certificate issuance for the customer-facing endpoints | United States | TLS metadata only (domain name); no Customer Data | Active |
Planned (not yet engaged)
| Sub-Processor | Purpose | Status |
|---|---|---|
| (None at this time) |
Removed
| Sub-Processor | Purpose | Removed on | Reason |
|---|---|---|---|
| (None at this time) |
Sub-Processor change history
Watchtower will record every Sub-Processor change here, with the 30-day notice date and the effective date.
| Notice date | Effective date | Change |
|---|---|---|
| 2026-06-15 | 2026-06-15 | Initial published list (v1.0.0) |
Customer transparency
Customer's authorised contact may subscribe to Sub-Processor change notifications by emailing privacy@watchtower.nu with the subject "Sub-Processor notifications - subscribe."
How we choose Sub-Processors
- We prefer EEA-located Sub-Processors. Non-EEA engagement requires Standard Contractual Clauses and a documented Transfer Impact Assessment.
- We prefer Sub-Processors that publish their own DPA, security posture documentation, and recent third-party audit reports (SOC 2, ISO 27001).
- We avoid Sub-Processors that hold Customer Data beyond the minimum necessary for the function we engage them to perform.