Subprocessor List and Data Retention Schedule
Effective date: July 15, 2026 · Version 1.0
1. Subprocessors
StableDeliver's core database and application run on infrastructure we operate. The following third-party providers process limited data as described:
| Provider | Purpose | Data | Processing location | Policy |
|---|---|---|---|---|
| Contabo GmbH | Server hosting (application, database, file storage) | All service data at the infrastructure level | Germany (EU) | contabo.com/en/legal/privacy |
| Cloudflare, Inc. | DNS, CDN, TLS, email routing, security | Request metadata, IP addresses, email routing metadata | Global edge network (US company) | cloudflare.com/privacypolicy |
| Resend, Inc. | Transactional email (login links, order and delivery notices) | Recipient email address, message content, delivery metadata | United States | resend.com/legal/privacy-policy |
| Public blockchain RPC and explorer providers (e.g. mempool.space, public EVM/Tron endpoints) | Read-only on-chain payment verification | Public blockchain queries: transaction hashes, wallet addresses, amounts | Various | Provider-specific |
Notes: Our Postgres database and analytics are self-hosted on our own servers and are not third-party subprocessors. Blockchain queries involve only data that is already public on the relevant network.
2. Data retention schedule
| Data category | Normal period | Reason | Deletion action |
|---|---|---|---|
| Account profile and organisation data | Account life + 30 days | Operate account and allow recovery | Delete or anonymise, subject to legal holds |
| Authentication/session records | 90 days | Security and incident investigation | Expire tokens and delete logs |
| Order and on-chain verification records | 7 years or legally required period | Tax, fraud, disputes, business records | Delete direct identifiers where no longer needed; blockchain data remains public |
| Seller product configuration | While active + 30 days | Service operation and recovery | Delete after export window |
| Seller files and fulfilment materials | While product active + 30 days after deletion | Delivery and recovery | Delete primary copies; backups expire normally |
| Licence-key assignment records | Product/account life + 7 years where needed | Prevent double issue and evidence fulfilment | Delete/anonymise according to contractual need |
| Buyer email / group identifier | Delivery + 24 months, or seller instruction | Support and dispute evidence | Delete or return on seller instruction subject to law |
| Support communications | 24 months after closure | Support quality and disputes | Delete unless legal hold |
| Security and access logs | 12 months | Detection and investigation | Rolling deletion |
| Analytics events | 24 months | Product measurement | Aggregate or delete |
| Backups | Rolling 35–90 days | Disaster recovery | Automatic overwrite |
| Copyright/abuse/legal records | 7 years after closure | Defence and compliance | Restricted archive, then delete |
Questions about subprocessors or retention: [email protected].