Phaset | Subprocessors

Effective Date: December 6, 2025

Subprocessors List v1.0 | Last Updated: December 6, 2025

This page lists all third-party services (subprocessors) that process personal data in connection with Phaset services.

Note: The specific subprocessors that apply to you depend on how you use Phaset:

Website visitors: Umami (analytics) and Polar.sh (payment processing)
Managed Phaset subscribers: All subprocessors listed below
Self-hosted Phaset: Only website-related services apply (Umami and Polar.sh for purchases); your operational data stays on your infrastructure

Website Services

These services are used for the Phaset marketing website (phaset.dev) and apply to all visitors:

Umami

Location: EU (Umami Cloud)

Purpose: Privacy-focused website analytics

Data Processed: Anonymized website usage data (page views, navigation patterns, device type, browser info, anonymized location)

GDPR Compliance: GDPR compliant, no cookies, no personal identifiers

Privacy Policy: umami.is/privacy

Polar.sh

Location: EU/USA

Purpose: Secure payment handling and billing for license purchases and subscriptions

Data Processed: Payment details, billing information, email, name

GDPR Compliance: GDPR compliant with appropriate safeguards

Privacy Policy: polar.sh/legal/privacy

Managed Phaset Infrastructure

These services process your operational data only if you subscribe to Managed Phaset:

Scaleway

Location: France (EU) - Paris region

Purpose: Virtual machine hosting for backend API

Data Processed: All operational data in your Phaset instance (catalogs, services, metrics, documentation, user management)

GDPR Compliance: EU-based, GDPR compliant

Privacy Policy: scaleway.com/en/privacy-policy

Cloudflare

Location: USA (global CDN)

Purpose: Frontend application delivery via Cloudflare Pages

Data Processed: Frontend application code and assets (no operational data)

GDPR Compliance: GDPR compliant with Standard Contractual Clauses

Privacy Policy: cloudflare.com/privacypolicy

Pulsetic

Location: USA

Purpose: Uptime monitoring and status page

Data Processed: Uptime metrics and availability data (no operational data)

GDPR Compliance: GDPR compliant with appropriate safeguards

Privacy Policy: pulsetic.com/privacy

Changes to Subprocessors

Subprocessors may change to improve service quality, reduce costs, enhance sustainability, or address provider issues.

If subprocessors are changed:

You'll receive 30 days advance notice via email
Data will remain in the EU (for infrastructure subprocessors)
All new subprocessors will comply with GDPR
You can cancel with refund of unused time if you don't approve

Data Protection

All subprocessors:

Comply with GDPR requirements through appropriate safeguards
Have been assessed for security and privacy practices
Are contractually bound to protect your data
Process data only for the purposes specified above

Questions About Subprocessors?

If you have questions or concerns about how subprocessors handle your data:

Email: [email protected]