Legal Policy

Sub-processor Registry

Last updated: March 2026 5000fish, Inc.

Overview

5000fish, Inc. uses the third-party service providers listed below ("sub-processors") to deliver the DashboardFox platform. Each sub-processor has access to personal data only to the extent necessary to perform their specific function. All sub-processors are bound by data processing agreements and are required to maintain appropriate technical and organizational measures to protect personal data.

This registry is maintained in accordance with our Data Processing Agreement. We will provide at least 30 days' advance notice before adding a new sub-processor or making a material change to an existing one. Notices are sent by email to agency owners and posted to this page.

How transfer mechanisms work: Where personal data is transferred outside the European Economic Area (EEA) or UK, we rely on Standard Contractual Clauses (SCCs), EU-US Data Privacy Framework (DPF) certification, or an adequacy decision. Vendors operating entirely within the EU/EEA require no transfer mechanism. Full details are in our DPA.

Infrastructure & Hosting

Vendor	Purpose	Region	Transfer Mechanism
OVH Cloud	US region cloud hosting and infrastructure	United States	N/A — US customers only
Hetzner	EU region cloud hosting and infrastructure	Germany / Finland	N/A — EU only
Backblaze B2 (US)	Encrypted backup storage for US region	United States	N/A — US customers only
Backblaze B2 (EU)	Encrypted backup storage for EU region	Amsterdam, Netherlands	N/A — EU only
Cloudflare	CDN, web application firewall, and DNS	Global	Standard Contractual Clauses (SCCs)

Payments & Billing

Vendor	Purpose	Region	Transfer Mechanism
Chargebee	Subscription and billing management	United States	Standard Contractual Clauses (SCCs)
Stripe	Payment processing	Ireland (EU) / United States	Stripe Ireland entity (EU); SCCs (US)
Authorize.net	Payment processing (US customers only)	United States	N/A — US customers only

Communications & Authentication

Vendor	Purpose	Region	Transfer Mechanism
Maileroo	Transactional email delivery	Germany / Netherlands	N/A — EU only
Dynosend	Marketing email	United States (AWS us-east-1)	EU-US Data Privacy Framework (DPF)
Twilio	SMS delivery for two-factor authentication	United States	Standard Contractual Clauses (SCCs)

Support & Customer Success

Vendor	Purpose	Region	Transfer Mechanism
HelpCrunch	Live chat and support ticketing	Ireland / Frankfurt	N/A — EU only
Chatbase	AI help assistant	United States (AWS us-east-1)	2021 Standard Contractual Clauses (SCCs)
Eniston	Knowledge base	Germany	N/A — EU only
BetterMode	Community support forum	Canada / United States	Signed DPA

Analytics, Product & Consent

Vendor	Purpose	Region	Transfer Mechanism
UserMaven	Product and website analytics	Germany (Hetzner)	N/A — EU only
Concord	Cookie consent management and consent capture	United States (AWS)	EU-US Data Privacy Framework (DPF)
Frill	Product roadmap and user feedback	Australia	2021 Standard Contractual Clauses (SCCs)
Flook	Product tours (no personal data processed)	Australia	N/A — no personal data in scope

Security

Vendor	Purpose	Region	Transfer Mechanism
Better Stack	Status page and infrastructure monitoring	EU (ISO 27001 certified)	EU-US Data Privacy Framework (DPF)
BeagleSecurity	Annual penetration testing	India	DPA in review (no customer PII in scope)

Sub-processor changes: We review this list regularly. Vendors with documentation agreements in progress are added once agreements are finalized. We will provide at least 30 days' advance notice before any new sub-processor is given access to personal data. To object to a new sub-processor, contact team@dashboardfox.com within the notice period — see our DPA for the full process.

Questions about sub-processors or data transfers:

team@dashboardfox.com