List of subprocessors

As of May 2026

This page lists the external service providers we engage to deliver Restio's functions. All providers listed here are data processors within the meaning of Art. 28 GDPR; a data processing agreement (Auftragsverarbeitungsvertrag) has been concluded with each.

We occasionally change providers. Material changes are announced at least 30 days in advance in our Privacy Policy.

Current subprocessors

Provider	Registered office	Purpose	Processing region	Third-country safeguards
Google Ireland Limited	Gordon House, Barrow Street, Dublin 4, D04 E5W5, Ireland	Cloud infrastructure (hosting, authentication, data storage, cloud functions); AI-powered request processing	EU (region europe-west1)	Group affiliation with Google LLC (USA): EU-US Data Privacy Framework (DPF), certified; supplemented by Standard Contractual Clauses under Art. 46 GDPR
RevenueCat, Inc.	1032 E Brandon Blvd #3003, Brandon, FL 33511, USA	Management of in-app subscriptions (Apple App Store, Google Play)	USA	EU-US Data Privacy Framework (DPF) and/or Standard Contractual Clauses under Art. 46 GDPR; data processing agreement concluded
Sendinblue SAS (Brevo)	17 rue Salneuve, 75017 Paris, France (RCS Paris 498 019 298)	Delivery of transactional and informational emails	EU (France)	— (processing within the EU)
TikTok Technology Limited	10 Earlsfort Terrace, Dublin, D02 T380, Ireland	Advertising effectiveness measurement (TikTok Business SDK; processing only after consent)	EU/USA/China	Standard Contractual Clauses; joint controllership under Art. 26 GDPR; processing only after the user's explicit consent

Requirements we impose on all subprocessors

Data processing agreement under Art. 28 GDPR
For AI providers: contractual exclusion of using user data for training or model improvement
For third-country transfers: DPF certification or Standard Contractual Clauses under Art. 46 GDPR
Encryption in transit (TLS) and at rest

Questions? Contact info@restio.io. Last updated: May 2026.