Effective Date: April 1, 2026
(For the previous version of this list, valid until March 31, 2026, click here)
CookieHub uses trusted third-party service providers (“Sub-processors”) to deliver and support the CookieHub consent management platform.
We group sub-processors based on the type of data processed and their function within our operations.
Where Sub-processors process personal data on behalf of customers, they are contractually bound by data protection obligations consistent with our Data Processing Agreement (DPA).
These Sub-processors are essential to delivering the CookieHub platform. They may process pseudonymous consent data and limited customer account data on our behalf.
| Sub-Processor | Purpose | Location |
|---|---|---|
| Amazon Web Services (AWS) | Cloud hosting, compute, storage, monitoring | Germany, United Kingdom |
| Online S.A.S. (Scaleway) | Cloud hosting, storage | France, Netherlands |
| BunnyWay d.o.o. (Bunny.net) | Content delivery network (CDN) | Global |
| Cloudflare, Inc. | CDN, WAF, DDoS protection | Global |
These providers support:
Hosting of application infrastructure
Storage of pseudonymous consent logs
Secure content delivery
Network protection and traffic filtering
Where processing occurs outside the EEA, appropriate safeguards under Chapter V GDPR are in place, including Standard Contractual Clauses where applicable.
These Sub-processors support direct communication with customers. They may process customer account and contact data.
| Sub-Processor | Purpose | Location |
|---|---|---|
| Help Scout | Customer support ticketing and email communication | United States |
| Userlist, Inc. | Transactional and marketing email delivery | United States |
| Microsoft Ireland Operations Limited (Microsoft 365) | Email services (Exchange Online), document storage (SharePoint, OneDrive), collaboration tools | European Union / Global infrastructure |
These providers do not process website visitor consent data except where such data is included in support communications initiated by the customer.
These providers process billing-related data necessary to complete transactions.
| Sub-Processor | Purpose | Location |
|---|---|---|
| Teya Iceland hf | Payment processing | Iceland |
Full payment card data is processed directly by the payment provider and is not stored in full by CookieHub.
These tools are used for internal business operations and may contain limited customer contact data but do not process website visitor consent logs as part of standard operations.
| Sub-Processor | Purpose | Location |
|---|---|---|
| Notion | Project management | United States |
| GitHub | Code repository and development management | United States |
These tools are used for operational coordination, documentation, and internal collaboration.
Where Sub-processors are located outside the European Economic Area, transfers are subject to appropriate safeguards in accordance with Chapter V GDPR, including:
Standard Contractual Clauses
Supplementary measures where appropriate
CookieHub may update this list from time to time.
An up-to-date list of Sub-processors applicable to customer data processing is maintained in Annex 2 of our Data Processing Agreement.
If you have questions regarding our Sub-processors, please contact: support@cookiehub.com
©2018-2026 CookieHub ehf.
CookieHub CMP offers tools and services for managing cookies and online privacy.
