CYBNODE Legal Centre
Product Sub-processors
This document outlines the third-party sub-processors we use to deliver our services and how we ensure your data remains protected.
1. Introduction
This document sets out the third-party service providers ("sub-processors") that Cybnode uses to support the delivery of its products and services. These sub-processors may process limited personal data on behalf of Cybnode's clients in accordance with the UK General Data Protection Regulation (UK GDPR) and the EU GDPR.
Cybnode engages only trusted, industry-recognised partners and ensures that appropriate technical and organisational safeguards are in place to protect personal data. Each sub-processor is subject to a written data processing agreement and required to comply with Cybnode's standards for security, confidentiality, and data protection.
2. Purpose
The purpose of this policy is to provide transparency about the organisations that may process customer data as part of Cybnode's infrastructure or service delivery. This list enables our clients to understand where their data may be handled, and under what safeguards.
Cybnode regularly reviews its sub-processors and updates this statement as necessary to reflect changes in our technology stack or business operations.
3. Current Sub-processors
The following third-party service providers currently act as authorised sub-processors for Cybnode:
| Sub-processor | Purpose of Processing | Location of Processing | Data Protection Safeguards |
|---|---|---|---|
| Cloudflare, Inc. | Content delivery network (CDN), DDoS protection, and web performance optimisation. | Global network (primary data centres in the EU and UK). | ISO 27001, SOC 2 Type II, Standard Contractual Clauses (SCCs). |
| Vultr Holdings LLC | Cloud hosting, virtual private servers, and infrastructure management. | Amsterdam (EU) and London (UK). | ISO 27001, SOC 2 Type II, SCCs for any non-EEA transfers. |
| Google Workspace (G Suite) | Business email, document storage, and collaboration tools. | Primarily within the EU and UK regions. | ISO 27001, ISO 27018, SCCs, GDPR-compliant data processing addendum. |
| Amazon Web Services (AWS SES) | Transactional and notification email delivery. | Ireland (EU) region. | ISO 27001, ISO 27701, SOC 2 Type II, SCCs. |
| GitHub, Inc. | Source code management, version control, and secure deployment pipelines. | EU and USA servers. | SOC 2 Type II, ISO 27001, SCCs. |
Cybnode selects each sub-processor based on its proven commitment to data protection, compliance certifications, and operational reliability. All processing is governed by contracts that incorporate data protection obligations consistent with UK and EU law.
4. Updates and Notifications
Cybnode may from time to time engage new sub-processors or remove existing ones as our services evolve. When such changes occur, we will update this document and, where applicable, notify our clients at least 30 days in advance of the effective date of the change.
Clients who object to the engagement of a new sub-processor may contact Cybnode within that notice period to discuss any concerns or alternative arrangements.
5. Data Protection and Compliance
All sub-processors engaged by Cybnode are required to:
- Process personal data only under Cybnode's documented instructions.
- Implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.
- Assist Cybnode in meeting its obligations under applicable data protection laws, including rights of data subjects and breach notification requirements.
- Ensure that any international transfers of personal data are protected by adequate safeguards such as Standard Contractual Clauses or UK Addendum provisions.
Cybnode remains responsible for the acts and omissions of its sub-processors to the same extent that Cybnode would be responsible if performing the relevant data processing activities itself.
6. Review
This Product Sub-processors Policy will be reviewed annually or sooner if Cybnode's operational requirements change. Updated versions will always be made available on our website or upon request.
Approved by: Cybnode Executive Board
Signed by: Michal Nowakowski
Last updated: 26/10/2025
Next Review: 26/10/2026