Cloop

Cloop Subprocessor List

Last updated: 2026-02-15

This document lists the third-party subprocessors that ROFFI Oy ("Cloop") engages to process personal data on behalf of our customers. This list is maintained as required by our Data Processing Agreement and GDPR.


Current Subprocessors

SubprocessorPurposeData ProcessedLocationDPA/Safeguards
Hetzner Online GmbHServer hosting (VPS), object storage for uploaded documentsAll service data (database, files, logs)Helsinki, Finland (EU)Hetzner DPA, EU-based
Nebius B.V.AI inference — embedding generation and chat response generationChat message text, content chunks, system prompts, conversation historyEU data centersNebius AI Studio Terms of Service; data not used for model training
Let's Encrypt (ISRG)TLS certificate issuanceDomain names only (no personal data)GlobalNo personal data processed

What Each Subprocessor Does

Hetzner Online GmbH

Nebius B.V.

Let's Encrypt (Internet Security Research Group)


Subprocessors We Do NOT Use

For clarity, we do not currently use:

If we add any of these in the future, we will update this list and notify customers per the DPA (30 days advance notice).


Changes to This List

We notify customers of new subprocessors at least 30 days before they begin processing data, via:

If you object to a new subprocessor, you may terminate the affected service within 30 days of notification per the DPA.


Change History

DateChange
2026-02-15Initial list published

Contact

Questions about our subprocessors: privacy@cloop.io