Subprocessors

Also available in:Bulgarian

Last updated: August 7, 2025

Forci Web Consulting Ltd. uses carefully selected third-party service providers (subprocessors) to assist in delivering our services. We carry out due diligence to ensure each subprocessor meets our security requirements and applicable data protection laws, and where a dedicated Data Processing Agreement (DPA) is not available we rely on equivalent contractual safeguards (e.g., infrastructure-level DPAs) and robust technical and organisational measures.

Current Subprocessors by Category

Infrastructure & Hosting

  • Cloudflare, Inc. (United States/Global)
    • Purpose: CDN, DDoS protection, DNS, and web application firewall
    • Location: Global network (300+ cities), processing in US and EU data centers
    • Transfer mechanism: EU-U.S. Data Privacy Framework + EU Standard Contractual Clauses
    • Note: DPA incorporated by reference in Self-Serve Subscription Agreement
    • Certifications: ISO 27001, ISO 27701, ISO 27018, SOC 2 Type II, EU Cloud Code of Conduct
    • Privacy Policy | Trust Hub
  • Hetzner Online GmbH (Germany/Finland)
    • Purpose: Primary infrastructure provider for EU production workloads
    • Location: EU data centers only - no international transfers
    • Privacy Policy
  • Wasabi Technologies LLC (EU Region)
    • Purpose: Object storage for backups and archives
    • Location: EU region selected
    • Transfer mechanism: EU & UK Standard Contractual Clauses
    • Privacy Policy

Development & AI Services

  • Anthropic PBC (United States)
    • Purpose: AI language model infrastructure (Claude API)
    • Transfer mechanism: EU Standard Contractual Clauses
    • Trust Center
  • OpenAI Ireland Ltd. (Ireland/United States)
    • Purpose: GPT-4 API and ChatGPT Enterprise features
    • Location: EU/Ireland and US processing
    • Transfer mechanism: Intra-group EU Standard Contractual Clauses
    • Privacy Policy
  • Cursor Inc. (United States)
    • Purpose: AI-powered code editor with integrated development features
    • Transfer mechanism: EU Standard Contractual Clauses (Module 2) + UK Addendum
    • Note: Privacy Mode with Storage enabled (zero data retention by model providers, temporary encrypted storage for background agents functionality only, no training on data), SOC2 certified, formal DPA available
    • Trust Center | Subprocessors | Privacy | DPA
  • Dynalist Inc. (Obsidian Sync) (Canada)
    • Purpose: Secure synchronization of knowledge management vaults
    • Location: EU servers (user-selected) - no international transfers
    • Infrastructure: Hosted on Digital Ocean (Frankfurt) - Digital Ocean DPA
    • Note: End-to-end encryption with user-controlled password
    • Security Documentation | Privacy

Productivity & Collaboration

  • Slack Technologies (United States/Ireland)
    • Purpose: Internal team communication and collaboration platform
    • Location: US and EU (Ireland) processing
    • Transfer mechanism: EU-U.S. Data Privacy Framework + EU Standard Contractual Clauses
    • Note: Part of Salesforce Group, formal DPA available
    • Privacy Policy | Security
  • JetBrains s.r.o. (Czech Republic/EU)
    • Purpose: YouTrack issue tracking and project management
    • Location: EU hosting only - no data transfers outside EU/EEA
    • Transfer mechanism: Not applicable (EU-based processing)
    • Privacy Policy
  • Google Ireland Ltd. (Global)
    • Purpose: Google Workspace and Cloud Platform services
    • Location: Global data center network including EU
    • Transfer mechanism: EU/UK Standard Contractual Clauses
    • Privacy Policy

Security & Monitoring

  • Functional Software Inc. (Sentry) (United States)
    • Purpose: Error tracking and performance monitoring
    • Transfer mechanism: EU-U.S. Data Privacy Framework & EU SCCs
    • Privacy Policy

Technical Subprocessors

  • Development partners
    • Purpose: Software development and technical services
    • Location: Bulgaria, EU
    • Partners: Developnica EOOD
    • All development partners sign NDAs and DPAs

AI Development Tools Policy

We utilize AI-assisted development tools in our service delivery, configured with appropriate security measures:

  • Zero data retention by model providers - Your code is never stored by AI models
  • Temporary encrypted storage - Only for functionality like background agents
  • No training on data - Your code is never used to train AI models

Our Commitments

  • All subprocessors are bound by a written Data Processing Agreement (DPA) or equivalent contractual safeguards designed to support GDPR-compliant processing
  • We conduct regular security assessments of our subprocessors
  • We maintain appropriate safeguards for any international data transfers
  • Subprocessors cannot use personal data for their own purposes
  • We perform due diligence before engaging new subprocessors

Changes to Subprocessors

We may update our subprocessors to improve our services. Clients with active Data Processing Agreements will be notified of material changes according to the terms of their agreement.

Questions?

For specific inquiries about our data processing practices or subprocessors, please contact:

Email: privacy@forci.com
Phone: +359 887 189 697
Address: Bulgaria, Sofia 1517, zh.k. Suhata reka, bl. 52, vh. G, et. 6, ap. 18

Subprocessors | Forci