Sub-Processor List

Annex 1 to the Data Processing Agreement (DPA) pursuant to Art. 28 GDPR

discontinue.dev MAS GmbH · AI operations platform for hotels

Last updated: 7 July 2026 · Version 7.1

This list names the sub-processors engaged by discontinue.dev for the hotel data processed on behalf of the hotel customers from the connected systems (e.g. a property management system). It is a binding Annex 1 to the DPA.

Preliminary Remarks

  1. (1) The Controller (hotel) grants a general authorisation pursuant to Art. 28(2) GDPR for the use of the sub-processors named below.
  2. (2) discontinue.dev informs the Controller of any intended change regarding the addition, replacement or removal of sub-processors at least 14 days before it takes effect by email.
  3. (3) The Controller may object for important data protection reasons within this period. In that case, the parties endeavour to find an amicable solution; failing this, an extraordinary right of termination exists.
  4. (4) All sub-processors are contractually obliged (by a data processing agreement or equivalent arrangement) to comply with the requirements of Art. 28 GDPR. In the case of third-country transfers, appropriate safeguards pursuant to Art. 46 GDPR are ensured.

Distinction: Sub-Processor vs. Software Component

What is a sub-processor? Only a party that processes personal hotel/guest data on behalf of discontinue.dev and to which processing is (partly) outsourced qualifies as a sub-processor. The following do not qualify as sub-processors:

  • self-hosted software components where no data is transmitted to a third party, and
  • services in which discontinue.dev acts as an independent controller and without hotel/guest data (e.g. Google Analytics and Cookiebot, see Note 2).

Main Table of Sub-Processors

Oracle Cloud Infrastructure (Oracle Corporation)

Service
Hosting, database, object storage, backup
Data processed
All platform data including data retrieved from the connected systems (reservations, guest names) as well as account data
Location
Frankfurt, Germany (EU)
Transfer basis
Processing in the EU, no ongoing third-country transfer; for any group/support access from third countries, SCCs pursuant to the Oracle Cloud Services Agreement incl. DPA

Anthropic PBC

Service
AI model (Claude API)
Data processed
Contents of individual reports/agent runs; may include reservation data incl. guest names, salutation, email, stay data and special requests
Location
USA
Transfer basis
EU Standard Contractual Clauses (Module 2, Art. 46(2)(c) GDPR) + TIA; no-training; storage no more than 30 days (abuse detection only); see TIA

Mailgun Technologies, Inc. (Sinch Group)

Service
Email delivery of reports/notifications
Data processed
Recipient email address and report contents (may contain guest names if so configured)
Location
EU region (Frankfurt), EU region pinning
Transfer basis
Processing in the EU; Mailgun DPA with SCCs for any US support access

Stripe Payments Europe Ltd.

Service
Billing / payment processing
Data processed
Exclusively billing data (platform account, invoice line items, payment method); no guest data or data from the connected systems
Location
Dublin, Ireland (EU); group affiliation with Stripe Inc. (USA)
Transfer basis
Primary processing in the EU; SCCs for group access; Stripe DPA

Langfuse GmbH (Langfuse Cloud, EU region)

Service
Internal AI/run tracing (observability of agent runs)
Data processed
Run traces of agent runs; may contain report/run content incl. guest names
Location
Berlin, DE; hosting in the EU (AWS, Ireland)
Transfer basis
Processing in the EU, no third-country transfer; Langfuse DPA pursuant to Art. 28 GDPR

Notes

1.Langfuse (Langfuse Cloud, EU – sub-processor).

The Langfuse software used for internal AI/run tracing is used as Langfuse Cloud in the EU region (provider: Langfuse GmbH, Berlin; hosting in the EU). As run-trace data is processed which may contain content from reports/runs (incl. guest names), Langfuse is a sub-processor and is listed in the main table. Processing takes place exclusively in the EU (no third-country transfer); a data processing agreement pursuant to Art. 28 GDPR is in place.

2.Google Analytics / Tag Manager and Cookiebot (not a DPA sub-processor).

Insofar as discontinue.dev uses Google Analytics 4 / Google Tag Manager to analyse the use of its own website and platform, discontinue.dev acts in this respect as an independent controller (not as a processor of the hotel). In doing so, Google processes no guest data or data from the connected systems, but measures exclusively the usage behaviour of platform users/website visitors. Google is therefore not a sub-processor under this DPA. The same applies to the consent management platform Cookiebot (Usercentrics/Cybot A/S, Copenhagen, Denmark; processing exclusively in the EU): it processes only consent data of website/platform users (no guest data or data from the connected systems) and is therefore likewise not a sub-processor under this DPA. These notes serve as clarification; the processing is governed by the Privacy Policy (Google: consent, EU-US Data Privacy Framework + SCCs; Cookiebot: Art. 6(1)(c)/(f) GDPR, processing in the EU).

3.Dynamic model routing / change of the framework.

If a further AI provider is used in the future, it is reviewed in advance against no-training, limited retention and the existence of appropriate transfer safeguards (SCCs). Only thereafter is it added to this list as a sub-processor and announced to the Controllers at least 14 days before it takes effect. This applies accordingly to self-/locally hosted models and other API providers as well as to a change of the agentic/orchestration framework. The change is an ordinary operational measure; the Controller’s data-protection right to object remains unaffected, and no extraordinary right of termination arises as a result.

4.No-training guarantee and limited retention period (Anthropic).

Anthropic PBC has contractually guaranteed that data processed via the API is not used to train the models; transmitted content is stored for no more than 30 days, exclusively for abuse detection, and is automatically deleted thereafter. The transfer to the USA is based on EU Standard Contractual Clauses (Module 2) together with the Transfer Impact Assessment; a DPF certification of Anthropic does not exist as verified on 5 July 2026 (dataprivacyframework.gov; see the TIA note and the evidence document).

5.Transfer Impact Assessment (USA).

For the third-country transfer to the USA (Anthropic PBC), a Transfer Impact Assessment (TIA) pursuant to “Schrems II” (CJEU C-311/18) is in place. It can be requested at datenschutz@discontinue.dev.

Change History

30 Mar 2026
1.0
First version of the Sub-Processor List
19 May 2026
2.0
Consolidation following legal/DSB review: Langfuse removed as a non-sub-processor; Mailgun EU region pinning added; Stripe location Dublin specified; data categories per sub-processor specified; reference to the TIA for the US transfer added
06 Jun 2026
3.0
Markdown version; clarification of Google/Google Analytics as a non-sub-processor added
06 Jun 2026
4.0
Legal review: Anthropic now DPF-certified → transfer basis DPF (primary) + SCCs (fallback)
06 Jun 2026
5.0
Cookiebot (consent management) clarified as a non-DPA sub-processor
17 Jun 2026
6.0
Langfuse added as a sub-processor (Langfuse Cloud, EU region) (previously listed as self-hosted); reason: switch to Langfuse Cloud (EU)
05 Jul 2026
7.0
Clarification for Anthropic: zero data retention replaced by limited retention period (max. 30 days, abuse detection only); no-training unchanged
05 Jul 2026
7.1
Transfer basis for Anthropic corrected: SCCs (Module 2) + TIA instead of DPF – Anthropic is not listed on the DPF list (verified 5 Jul 2026); OCI row supplemented with SCC precaution for support access

For questions or to request further documents (DPA, TIA, TOMs): datenschutz@discontinue.dev