Subprocessors | Eagle Virtual

Last Updated: June 9, 2026
This page is incorporated by reference into our Data Processing Addendum (Annex C).

1. Subprocessors of Customer Personal Data

These providers may process Customer Personal Data (as defined in the DPA) on Eagle Virtual's behalf as part of our hosting and delivery infrastructure.

Cloudflare, Inc. (United States)

Purpose: Content delivery network, DNS, DDoS and bot protection (including Turnstile), web application firewall, edge compute, and edge storage for the Service's websites, APIs, and application data.
Processing locations: Primarily the United States and the EEA, on a geographically distributed global edge network.
Transfer mechanism: EU–U.S. Data Privacy Framework (plus UK Extension and Swiss–U.S. DPF), with EU Standard Contractual Clauses and supplementary measures as fallback.
Provider documentation: Cloudflare Customer DPA · Privacy Policy · GDPR Trust Hub · Cloudflare's own sub-processors

Hetzner Online GmbH (Germany)

Purpose: Dedicated server hosting for the Service's API origin and data processing infrastructure.
Processing locations: Finland (Data Center Park Helsinki, operated by Hetzner Finland Oy as Hetzner's approved subcontractor). Hetzner's DPA commits to processing exclusively within the EU/EEA for our server location.
Transfer mechanism: None required — EU/EEA-only processing under a GDPR Article 28 data processing agreement with Hetzner Online GmbH.
Provider documentation: Hetzner DPA (PDF) · Privacy Policy · Data Privacy FAQ

2. Payment and Identity Providers

These providers support sign-in and billing. For parts of that processing (for example, payment fraud prevention, or your Google/Microsoft account itself) they act as independent controllers under their own privacy notices, not as Eagle Virtual's processors.

Stripe, Inc. / Stripe, LLC (United States)

Purpose: Payment processing, subscription billing, and invoicing.
Processing locations: United States, with Stripe affiliates and service providers in the EU, U.S., and India.
Transfer mechanism: EU–U.S. Data Privacy Framework (plus UK Extension and Swiss–U.S. DPF; certifying entity Stripe, LLC), and Standard Contractual Clauses via Stripe's Data Transfers Addendum.
Provider documentation: Stripe DPA · Privacy Policy · DPF Policy · Stripe's own sub-processors

Google LLC (United States)

Purpose: Sign-in identity provider (Google OAuth). We receive your email address and basic profile data when you choose Google sign-in; our use of that data follows the Google API Services User Data Policy, including its Limited Use requirements.
Processing locations: Global (Google maintains servers around the world).
Transfer mechanism: EU–U.S. Data Privacy Framework (plus UK Extension and Swiss–U.S. DPF; Google LLC and its wholly-owned U.S. subsidiaries), and Standard Contractual Clauses.
Provider documentation: Google Privacy Policy · Data transfer frameworks · API Services User Data Policy

Microsoft Corporation (United States)

Purpose: Sign-in identity provider (Microsoft Entra ID / Microsoft identity platform OAuth). We receive your email address and basic profile data when you choose Microsoft sign-in.
Processing locations: Global.
Transfer mechanism: EU–U.S. Data Privacy Framework (plus UK Extension and Swiss–U.S. DPF), and Standard Contractual Clauses via the Microsoft Products and Services DPA.
Provider documentation: Microsoft Privacy Statement · Microsoft Products and Services DPA

3. What Is Not on This List

Our own infrastructure. Eagle Virtual operates its own transactional email server and internal systems; first-party infrastructure is not a subprocessor.
Analytics and advertising vendors. None — the Service uses essential cookies only and no third-party analytics or advertising trackers.
Public data sources. Government sanctions list publishers, public blockchains, and public databases are data sources, not processors of Customer Personal Data; see Data We Publish.

4. Change Notice and Objections

We will update this page at least 30 days before a new subprocessor begins processing Customer Personal Data (except emergency replacements needed for security or continuity, which we will post as soon as practicable). Customers can subscribe to change notifications by emailing privacy@eaglevirtual.com with the subject "Subscribe: subprocessor updates". Customers may object to a new subprocessor on reasonable data-protection grounds within 30 days of the update, as described in Section 6 of the Data Processing Addendum.

5. Change Log

2026-06-09: Initial list published (Cloudflare, Hetzner, Stripe, Google, Microsoft).

6. Contact

Privacy: privacy@eaglevirtual.com
Legal: legal@eaglevirtual.com
Address: Eagle Virtual LLC, 8586 Potter Park Dr., Sarasota, FL 34238, United States