Sub-Processor List
Annex 1 to the Data Processing Agreement (DPA) pursuant to Art. 28 GDPR
discontinue.dev MAS GmbH · AI operations platform for hotels
Last updated: 7 July 2026 · Version 7.1
This list names the sub-processors engaged by discontinue.dev for the hotel data processed on behalf of the hotel customers from the connected systems (e.g. a property management system). It is a binding Annex 1 to the DPA.
Preliminary Remarks
- (1) The Controller (hotel) grants a general authorisation pursuant to Art. 28(2) GDPR for the use of the sub-processors named below.
- (2) discontinue.dev informs the Controller of any intended change regarding the addition, replacement or removal of sub-processors at least 14 days before it takes effect by email.
- (3) The Controller may object for important data protection reasons within this period. In that case, the parties endeavour to find an amicable solution; failing this, an extraordinary right of termination exists.
- (4) All sub-processors are contractually obliged (by a data processing agreement or equivalent arrangement) to comply with the requirements of Art. 28 GDPR. In the case of third-country transfers, appropriate safeguards pursuant to Art. 46 GDPR are ensured.
Distinction: Sub-Processor vs. Software Component
What is a sub-processor? Only a party that processes personal hotel/guest data on behalf of discontinue.dev and to which processing is (partly) outsourced qualifies as a sub-processor. The following do not qualify as sub-processors:
- self-hosted software components where no data is transmitted to a third party, and
- services in which discontinue.dev acts as an independent controller and without hotel/guest data (e.g. Google Analytics and Cookiebot, see Note 2).
Main Table of Sub-Processors
Oracle Cloud Infrastructure (Oracle Corporation)
- Service
- Hosting, database, object storage, backup
- Data processed
- All platform data including data retrieved from the connected systems (reservations, guest names) as well as account data
- Location
- Frankfurt, Germany (EU)
- Transfer basis
- Processing in the EU, no ongoing third-country transfer; for any group/support access from third countries, SCCs pursuant to the Oracle Cloud Services Agreement incl. DPA
Anthropic PBC
- Service
- AI model (Claude API)
- Data processed
- Contents of individual reports/agent runs; may include reservation data incl. guest names, salutation, email, stay data and special requests
- Location
- USA
- Transfer basis
- EU Standard Contractual Clauses (Module 2, Art. 46(2)(c) GDPR) + TIA; no-training; storage no more than 30 days (abuse detection only); see TIA
Mailgun Technologies, Inc. (Sinch Group)
- Service
- Email delivery of reports/notifications
- Data processed
- Recipient email address and report contents (may contain guest names if so configured)
- Location
- EU region (Frankfurt), EU region pinning
- Transfer basis
- Processing in the EU; Mailgun DPA with SCCs for any US support access
Stripe Payments Europe Ltd.
- Service
- Billing / payment processing
- Data processed
- Exclusively billing data (platform account, invoice line items, payment method); no guest data or data from the connected systems
- Location
- Dublin, Ireland (EU); group affiliation with Stripe Inc. (USA)
- Transfer basis
- Primary processing in the EU; SCCs for group access; Stripe DPA
Langfuse GmbH (Langfuse Cloud, EU region)
- Service
- Internal AI/run tracing (observability of agent runs)
- Data processed
- Run traces of agent runs; may contain report/run content incl. guest names
- Location
- Berlin, DE; hosting in the EU (AWS, Ireland)
- Transfer basis
- Processing in the EU, no third-country transfer; Langfuse DPA pursuant to Art. 28 GDPR
Notes
1.Langfuse (Langfuse Cloud, EU – sub-processor).
The Langfuse software used for internal AI/run tracing is used as Langfuse Cloud in the EU region (provider: Langfuse GmbH, Berlin; hosting in the EU). As run-trace data is processed which may contain content from reports/runs (incl. guest names), Langfuse is a sub-processor and is listed in the main table. Processing takes place exclusively in the EU (no third-country transfer); a data processing agreement pursuant to Art. 28 GDPR is in place.
2.Google Analytics / Tag Manager and Cookiebot (not a DPA sub-processor).
Insofar as discontinue.dev uses Google Analytics 4 / Google Tag Manager to analyse the use of its own website and platform, discontinue.dev acts in this respect as an independent controller (not as a processor of the hotel). In doing so, Google processes no guest data or data from the connected systems, but measures exclusively the usage behaviour of platform users/website visitors. Google is therefore not a sub-processor under this DPA. The same applies to the consent management platform Cookiebot (Usercentrics/Cybot A/S, Copenhagen, Denmark; processing exclusively in the EU): it processes only consent data of website/platform users (no guest data or data from the connected systems) and is therefore likewise not a sub-processor under this DPA. These notes serve as clarification; the processing is governed by the Privacy Policy (Google: consent, EU-US Data Privacy Framework + SCCs; Cookiebot: Art. 6(1)(c)/(f) GDPR, processing in the EU).
3.Dynamic model routing / change of the framework.
If a further AI provider is used in the future, it is reviewed in advance against no-training, limited retention and the existence of appropriate transfer safeguards (SCCs). Only thereafter is it added to this list as a sub-processor and announced to the Controllers at least 14 days before it takes effect. This applies accordingly to self-/locally hosted models and other API providers as well as to a change of the agentic/orchestration framework. The change is an ordinary operational measure; the Controller’s data-protection right to object remains unaffected, and no extraordinary right of termination arises as a result.
4.No-training guarantee and limited retention period (Anthropic).
Anthropic PBC has contractually guaranteed that data processed via the API is not used to train the models; transmitted content is stored for no more than 30 days, exclusively for abuse detection, and is automatically deleted thereafter. The transfer to the USA is based on EU Standard Contractual Clauses (Module 2) together with the Transfer Impact Assessment; a DPF certification of Anthropic does not exist as verified on 5 July 2026 (dataprivacyframework.gov; see the TIA note and the evidence document).
5.Transfer Impact Assessment (USA).
For the third-country transfer to the USA (Anthropic PBC), a Transfer Impact Assessment (TIA) pursuant to “Schrems II” (CJEU C-311/18) is in place. It can be requested at datenschutz@discontinue.dev.
Change History
For questions or to request further documents (DPA, TIA, TOMs): datenschutz@discontinue.dev