GDPR compliance is a core priority for us — not just as a legal obligation, but as a competitive differentiator. As an Austrian company headquartered in Vienna, we operate entirely within the EU legal framework, and we have deliberately designed our Data Processing Agreement to be more transparent and detailed than what is strictly required.
The DPAs of institutions such as the Bavarian State Opera, Berliner Philharmoniker, Philharmonie de Luxembourg, and Schaubuehne Berlin have all been reviewed and approved by their respective data controllers and legal teams.
Below is each US-based sub-processor from our list, specifying what data flows to them, how sensitive or personal that data is, and whether the integration is relevant to your deployment.
Purpose: Server hosting and infrastructure
Data involved: AWS provides the hosting infrastructure for our platform. All production data is stored exclusively within the EU (primarily Frankfurt, Germany) in a virtual private network. No personal data is transferred to or stored in the US.
Personal data sensitivity: N/A for US transfers — all data resides within the EEA.
Purpose: Payment gateway for credit card and SOFORT transactions
Data involved: Payment data is entered directly by the end customer with Stripe's payment interface — we never store full credit card details on our servers. We only retain a pseudonymized reference (e.g., last four digits, card type). Stripe holds PCI DSS Level 1 certification.
Personal data sensitivity: Moderate (payment transaction metadata only; no raw card data on our side).
Purpose: Optional for sending transactional emails (order confirmations) and integration for pre-show and post-show emails — could partly be handled by you directly.
Data involved: Email address, first name, last name (if available), and order reference for transactional communications. Newsletter data synchronization only occurs if this integration is actively used by the client.
Personal data sensitivity: Low to moderate (contact data for transactional communications).
Purpose: IP-to-country geolocation lookup for tax calculation and fraud prevention
Data involved: IP addresses are sent to MaxMind, which returns only the derived country information. No names, email addresses, or other personally identifiable information is shared.
Personal data sensitivity: Low (IP address only, converted to country-level location data).
Relevance: This integration is optional and only activated if IP-based geolocation is required for your deployment. Can be excluded.
Purpose: Deep linking and performance measurement for mobile app campaigns
Data involved: Device-level identifiers and attribution data (e.g., which marketing campaign led to an app install). No directly identifiable personal data such as names or email addresses is shared.
Personal data sensitivity: Low (pseudonymized device and campaign attribution data).
Purpose: Push notifications, in-app messaging, and usage behavior analytics
Data involved: User behavior data within the app (e.g., pages visited, features used), push notification tokens, and user identifiers for campaign targeting. CleverTap stores all user data in data centers within the European Union.
Personal data sensitivity: Moderate (behavioral and engagement data, but EU-hosted).
Purpose: Firebase is used for app analytics and usage data collection. YouTube embedding is optional.
Data involved: Aggregated and anonymized app usage statistics (e.g., crash reports, session data). Firebase operates as a data processor under GDPR with dedicated Data Processing and Security Terms.
Personal data sensitivity: Low to moderate (analytics and crash data; no directly identifying customer data unless specifically configured).
Relevance: If analytics and video embedding are not required, Firebase/YouTube can be excluded.
Purpose: Error monitoring and debugging for our platform
Data involved: Technical error logs only. Any customer data that might appear in error logs is transferred in pseudonymized form. Data is automatically deleted after one month.
Personal data sensitivity: Very low (pseudonymized technical error data with short retention).
Purpose: Recording user behavior and measuring success for digital advertising campaigns
Data involved: Aggregated and pseudonymized behavioral signals for ad campaign performance (e.g., conversion tracking). Only relevant if the client runs Meta/Facebook advertising campaigns linked to the app.
Personal data sensitivity: Low to moderate (behavioral tracking pixels/SDK data).
Relevance: If you do not run Meta advertising campaigns, this sub-processor is not relevant and can be excluded.
All US-based sub-processors are either certified under the EU-US Data Privacy Framework (DPF) or operate under EU Standard Contractual Clauses (SCCs), or both.
Our infrastructure (AWS) is hosted exclusively within the EU (Frankfurt, Germany).
Payment data never touches our servers — it flows directly between the end customer and the PCI DSS-certified payment provider.
Several sub-processors are optional integrations (MaxMind, Firebase/YouTube, Meta, MailChimp newsletter) that may not apply to your deployment at all. We are happy to tailor the sub-processor list accordingly.
The EU-US Data Privacy Framework was upheld by the EU General Court in September 2025 (Latombe v Commission, T-553/23). While there has been public discussion about the future stability of the DPF, the adequacy decision remains legally valid today. As a matter of best practice, our DPA requires all non-EEA sub-processors to comply with EU Standard Contractual Clauses as an additional safeguard layer — meaning our data transfers are not solely reliant on the DPF.
