Unterauftragsverarbeiter
Zuletzt aktualisiert: May 3, 2026
Dieses Dokument ist derzeit nur auf Englisch verfügbar. Eine Übersetzung ist in Vorbereitung.
This page lists the third parties (sub-processors) that may process personal data on behalf of Sefaja in connection with the Saymail service. We update this list whenever a sub-processor is added, removed, or replaced.
Payment, licensing, and tax
| Provider | Purpose | Location |
|---|---|---|
| Lemon Squeezy LLC | Merchant of Record for license and credit purchases. Handles checkout, payment processing, sales tax / VAT collection and remittance, invoicing, license-key delivery, and machine-activation tracking. | United States (EU–US Data Privacy Framework) |
AI routing (Saymail Cloud only)
The provider below processes AI requests only when you choose Saymail Cloud credits. If you use a local model or your own API key (BYOK), Saymail does not route your data through any sub-processor — your traffic flows from your computer directly to the AI provider whose key you have supplied, under that provider's own terms and privacy policy.
| Provider | Purpose | Location |
|---|---|---|
| OpenRouter, Inc. | AI request routing for Saymail Cloud. We configure OpenRouter with the Zero Data Retention (ZDR) options enabled so that the underlying language-model provider does not retain your content after the request and does not use it to train models. The downstream providers OpenRouter may select on our behalf can include Anthropic, OpenAI, Google, and others; the ZDR configuration is enforced at the OpenRouter level for our traffic. | United States (EU–US Data Privacy Framework) |
The Zero Data Retention claim above applies only to Saymail Cloud traffic routed through OpenRouter. BYOK traffic is governed by the policies of the AI provider whose key you have configured, and we make no ZDR claim for it.
Diagnostics and analytics
| Provider | Purpose | Location |
|---|---|---|
| Functional Software, Inc. (Sentry) | Crash and error reporting for the desktop application. Events are redacted client-side (emails, bearer tokens, secret / cookie / auth field values, OS usernames in file paths, and long opaque tokens are replaced with placeholders; attachments are dropped) before transmission. | United States (EU–US Data Privacy Framework) |
| PostHog, Inc. | Privacy-friendly product analytics for the website (page views, funnel metrics). Loaded only after explicit consent via the cookie banner. Not used in the desktop application. | EU and United States (EU–US Data Privacy Framework) |
Hosting and infrastructure
| Provider | Purpose | Location |
|---|---|---|
| Netlify, Inc. | Website hosting (saymail.eu) and serverless functions | United States / EU edge (EU–US Data Privacy Framework) |
Data Processing Agreement
Business customers can request a Data Processing Agreement (DPA) by emailing privacy@saymail.eu.
Notifications
We will update this page when sub-processors change. Material changes that affect business customers under a signed DPA will additionally be notified by email.