Rochen uses selected third-party providers and Affiliates to help deliver, support, secure, operate, and improve the Services.
Some providers act as subprocessors when they process Customer Personal Data on behalf of Rochen in connection with the Services. Other providers may process Customer Relationship Data or provide business, billing, fraud prevention, communication, support, analytics, marketing, advertising, or operational services.
This page supports Rochen’s Data Processing Agreement (“DPA”) and Privacy Notice by identifying the third-party providers and subprocessors listed below, their purposes, roles, provider or contracting entity locations where reasonably known, and the countries or regions where processing may occur.
Processing locations may vary depending on the Services used, customer-selected regions, service configuration, provider infrastructure, support access, routing, operational requirements, and the provider’s own approved subprocessors.
Capitalized terms used but not defined on this page have the meanings given in Rochen’s DPA or Privacy Notice.
| Provider | Purpose | Role / data involved | Entity location | Processing locations |
|---|---|---|---|---|
| Rochen US, Inc. | Rochen Affiliate involved in providing, supporting, securing, operating, and administering the Services | Affiliate; may process Customer Personal Data in accordance with the Data Processing Agreement and Customer Relationship Data in accordance with the Privacy Notice | United States | United States and other locations where Rochen personnel or systems operate |
| Amazon Web Services (AWS) | Cloud infrastructure, compute, storage, database, networking, security, monitoring, and related hosting infrastructure | Subprocessor for Customer Personal Data hosted or processed using AWS-backed customer-facing Services; service provider / processor for Customer Relationship Data and operational data hosted or processed using Rochen-operated AWS infrastructure | Amazon Web Services EMEA SARL — Luxembourg | United Kingdom, United States, Canada, Germany, Australia, Brazil, India |
| Google Cloud Platform (GCP) | Cloud infrastructure, compute, storage, database, networking, security, monitoring, and related hosting infrastructure | Subprocessor for Customer Personal Data hosted or processed using GCP-backed customer-facing Services; service provider / processor for Customer Relationship Data and operational data hosted or processed using Rochen-operated GCP infrastructure | Google Cloud EMEA Limited — Ireland | United Kingdom, United States |
| Wasabi | Off-site backup storage, backup resilience, disaster recovery, and related object storage services | Subprocessor for Customer Personal Data included in customer-facing backups stored using Wasabi-backed backup services; service provider / processor for Customer Relationship Data included in backups of Rochen-operated systems | Wasabi Technologies, LLC — United States | United States, United Kingdom, Germany, Canada, Singapore, Australia, and other Wasabi regions used by Rochen |
| Twilio SendGrid | Email delivery, transactional email, email routing, deliverability, suppression management, bounce handling, and related email services | Subprocessor where Twilio SendGrid processes Customer Personal Data for customer-facing email delivery or routing; service provider / processor for Customer Relationship Data and Rochen-operated email communications | Twilio Ireland Limited — Ireland, where Rochen contracts as a UK/EEA customer, unless a different Twilio contracting entity applies | United States, European Union, and other locations used by Twilio and its subprocessors |
| MailChannels | Email delivery, outbound email filtering, spam and abuse prevention, email routing, deliverability, and related email security services | Subprocessor where MailChannels processes Customer Personal Data for customer-facing email delivery, routing, filtering, or abuse prevention; service provider / processor for Customer Relationship Data and Rochen-operated email communications | MailChannels Corporation — Canada | Canada, United States, and other locations used by MailChannels and its subprocessors |
| Cloudflare | CDN, DNS, security, traffic routing, DDoS mitigation, performance optimization, edge network services, and related platform services | Subprocessor where Cloudflare processes Customer Personal Data for customer-facing CDN, DNS, security, routing, or related Services; service provider / processor for Rochen website, platform, security, and operational data | Applicable Cloudflare contracting entity | Global |
| BunnyCDN / bunny.net | CDN, edge caching, content delivery, performance optimization, media/static asset delivery, and related edge network services | Subprocessor where BunnyCDN processes Customer Personal Data for customer-facing CDN, caching, content delivery, routing, logs, or related Services; service provider / processor for Rochen website, platform, performance, and operational data | BunnyWay d.o.o. — Slovenia | Global |
| Enom | Domain registration, domain management, WHOIS/RDAP, registrar services, domain contact data, and related domain services | Service provider / processor for domain registration data; may act as an independent controller or joint controller where required for registrar, registry, ICANN, WHOIS/RDAP, legal, or compliance purposes | Enom, LLC — United States | United States and other locations used by Enom, registries, ICANN, and related domain service providers |
| Stripe | Payment processing, billing, payment records, fraud prevention, and related payment services | Service provider / processor for Customer Relationship Data; may act as an independent controller for some payment-related processing | Stripe Payments UK, Ltd. — United Kingdom | United Kingdom, European Union, United States, and other locations used by Stripe |
| Worldpay | Payment processing, billing, card processing, fraud prevention, chargebacks, and related payment services | Service provider / processor for Customer Relationship Data; may act as an independent controller for some payment-related processing | Worldpay Limited — United Kingdom | United Kingdom, European Union, United States, and other locations used by Worldpay |
| MaxMind | Fraud detection, risk scoring, IP intelligence, geolocation, abuse prevention, and account security | Service provider / processor for Customer Relationship Data, fraud-prevention data, and security metadata | MaxMind, Inc. — United States | United States and other locations used by MaxMind |
| Google Workspace | Rochen email, internal business communications, document collaboration, and business administration | Service provider / processor for Customer Relationship Data and communications with Rochen | Applicable Google contracting entity, expected to be Ireland / EEA for Rochen’s account | Global |
| Microsoft 365 | Productivity tools, internal documents, business administration, and internal collaboration | Service provider / processor for Customer Relationship Data and internal business records | Microsoft Limited — United Kingdom | United Kingdom, European Union, United States, and other locations used by Microsoft |
| Slack | Internal communication and collaboration for support, operations, security, and business administration | Service provider / processor for Customer Relationship Data and internal operational communications; may process Customer Personal Data if included in internal support discussions | Applicable Slack / Salesforce contracting entity | United States, European Union, and other locations used by Slack and its subprocessors |
| cPanel / WebPros | Control panel software, licensing, technical support, diagnostics, and troubleshooting | Software provider; not a subprocessor solely because its software is installed on Rochen-managed infrastructure. May act as a subprocessor where Rochen grants support access to systems, logs, diagnostics, or other data containing Customer Personal Data for support or troubleshooting | WebPros International, LLC | United States, European Union, and other locations used by cPanel / WebPros and its subprocessors |
| CloudLinux | Operating system software, server isolation, resource management, security software, licensing, technical support, diagnostics, and troubleshooting | Software provider; not a subprocessor solely because its software is installed on Rochen-managed infrastructure. May act as a subprocessor where Rochen grants support access to systems, logs, diagnostics, or other data containing Customer Personal Data for support or troubleshooting | Cloud Linux Software, Inc. — United States | United States, European Union, and other locations used by CloudLinux and its subprocessors |
| LiteSpeed Technologies | Web server software, caching software, licensing, technical support, diagnostics, and troubleshooting | Software provider; not a subprocessor solely because its software is installed on Rochen-managed infrastructure. May act as a subprocessor where Rochen grants support access to systems, logs, diagnostics, or other data containing Customer Personal Data for support or troubleshooting | LiteSpeed Technologies Inc. — United States | United States and other locations used by LiteSpeed and its service providers |
| Chatlio | Sales chat and website visitor/customer communications | Service provider / processor for sales chat, inquiries, and Customer Relationship Data | Chatlio LLC d/b/a Chatlio and Roomlio — United States | United States and other locations used by Chatlio and its subprocessors |
| DeepL | Translation and language assistance for support, sales, chat, account, and customer communications | Service provider for Customer Relationship Data; Subprocessor where Customer Personal Data is included in translated support communications | DeepL SE — Germany | European Union and other locations used by DeepL and its subprocessors |
| Google Cloud Translation API | Translation and language assistance for support, sales, chat, account, and customer communications | Service provider for Customer Relationship Data; Subprocessor where Customer Personal Data is included in translated support communications | Google Cloud EMEA Limited — Ireland | Global, or configured regional locations where available |
| Google Analytics | Website analytics, traffic measurement, performance analytics, and usage reporting | Service provider / processor for website analytics data; Google may also act as a controller for certain processing depending on configuration, settings, and applicable Google terms | Google Ireland Limited — Ireland | Global |
| Google Ads / Google Marketing Platform | Advertising, remarketing, conversion tracking, campaign measurement, and marketing cookies | Advertising and marketing provider; may act as processor, independent controller, or on a controller-to-controller basis depending on the product, configuration, and applicable Google terms | Applicable Google contracting entity, generally Google Ireland Limited for EEA/UK-facing advertising services | Global |
| Meta | Advertising, remarketing, conversion tracking, campaign measurement, Meta Pixel / Business Tools, and marketing cookies | Advertising and marketing provider; may act as independent controller, joint controller, or processor depending on the product, configuration, and applicable Meta terms | Applicable Meta contracting entity, commonly Meta Platforms Ireland Limited for EEA-facing services | Global |
| AdRoll / NextRoll | Advertising, retargeting, conversion tracking, campaign measurement, and marketing analytics | Advertising and marketing provider; may act as service provider / processor or independent controller depending on the product, configuration, and applicable NextRoll terms | NextRoll, Inc. — United States | United States, European Union, and other locations used by NextRoll |
Where Rochen makes region selection available for hosting services, Customer may select the applicable hosting region.
Customer-selected hosting regions apply to the applicable customer-facing hosting infrastructure, but some operational processing may still occur outside the selected hosting region. This may include support access, monitoring, security, backups, off-site backup storage, DNS, CDN and edge delivery, email routing, payment processing, fraud prevention, translation, internal communications, account administration, and other operational functions. Rochen-operated systems used to provide, support, secure, and administer the Services may also be hosted, backed up, monitored, or processed using approved infrastructure providers.
Processing locations listed above may include locations where the provider hosts data, provides support, performs security or fraud prevention, routes communications, processes payments, provides translation, delivers content through edge networks, caches content, processes logs, or uses approved subprocessors.
Rochen may provide the Services through Rochen Affiliates, including Rochen US, Inc.
Where a Rochen Affiliate processes Customer Personal Data on behalf of Customer, Rochen will ensure that the Affiliate is bound by obligations consistent with Rochen’s Data Processing Agreement. Rochen remains responsible for the performance of its Affiliates to the extent required by Applicable Data Protection Laws.
Rochen Affiliates may also process Customer Relationship Data where necessary to provide, support, secure, operate, administer, or improve the Services, as described in Rochen’s Privacy Notice.
Rochen uses commercial and open-source software to provide the Services.
Software vendors are not listed as subprocessors solely because their software is installed or used on Rochen-managed infrastructure.
However, a software vendor may act as a subprocessor where Rochen grants the vendor support access to systems, logs, diagnostics, configuration data, or other information that contains Customer Personal Data, or where Customer Personal Data is otherwise transferred to, accessed by, or processed by that vendor for support, diagnostics, troubleshooting, hosted functionality, managed services, or other processing.
Rochen limits vendor support access to what is reasonably necessary for the relevant support or troubleshooting request. Vendor support access should be approved, time-limited where practicable, monitored or supervised where appropriate, and subject to applicable confidentiality and data protection obligations.
Rochen may store backups separately from the primary hosting infrastructure using approved third-party storage providers.
Where possible and operationally appropriate, backup data may be stored in the same country as the primary hosting region. However, backup storage may be located in a different country or region from the selected primary hosting region where local backup storage is unavailable, not supported, or not used for the applicable Service.
Off-site backup storage is used for resilience, security, disaster recovery, and restoration purposes.
Backups may include Customer Personal Data where they relate to customer-facing Services, and Customer Relationship Data where they relate to Rochen-operated systems, accounts, support records, internal systems, or business operations.
Rochen may use CDN, DNS, security, and edge network providers for both Rochen-operated websites and platform services, and for customer-facing Services.
Where these providers process data for customer-facing Services, they may process Customer Personal Data as subprocessors. Where they process data for Rochen-operated websites, portals, analytics, security, or business operations, they process Customer Relationship Data or website visitor data as service providers / processors.
CDN, DNS, and edge providers may process data globally because requests may be routed, cached, filtered, logged, or served from edge locations near the requesting user.
Rochen may use approved email delivery, routing, filtering, and deliverability providers for both Rochen-operated communications and customer-facing Services.
Where these providers process email or related data for customer-facing Services, they may process Customer Personal Data as subprocessors. Where they process email or related data for Rochen-operated communications, account notices, support communications, billing communications, platform notifications, or business operations, they process Customer Relationship Data as service providers / processors.
Email delivery and routing providers may process information such as sender and recipient email addresses, message headers, message content, IP addresses, delivery logs, bounce data, suppression data, spam and abuse signals, and related metadata.
Email delivery and routing may involve processing outside the selected hosting region because email may be routed, filtered, scanned, queued, logged, or delivered through provider infrastructure in multiple locations.
When Customer registers or manages a domain name through Rochen, domain registration data may be shared with domain registration providers, registrars, registries, ICANN, WHOIS/RDAP services, escrow providers, dispute-resolution providers, and other parties involved in domain registration and management.
Domain registration providers may process personal data as Rochen’s service provider / processor, as an independent controller, as a joint controller, or as a separate controller, depending on the processing activity, applicable registry rules, ICANN requirements, legal obligations, and the provider’s own terms.
Certain domain registration data may be made available through WHOIS or RDAP services, subject to applicable registry rules and data protection laws.
Payment providers may process personal data for payment processing, fraud prevention, anti-money laundering, regulatory compliance, card network rules, chargebacks, tax, accounting, and financial reporting.
Depending on the processing activity, payment providers may act as Rochen’s service provider / processor, as an independent controller, or as both.
Rochen uses internal communication and collaboration tools to operate the business and provide support.
Customer Personal Data should not generally be placed into these tools unless reasonably necessary for support, security, troubleshooting, abuse prevention, legal compliance, or operation of the Services.
Where Customer Personal Data is included in internal communications, Rochen will handle that data in accordance with the Data Processing Agreement to the extent Rochen processes it on behalf of Customer.
Rochen may use approved business translation providers to translate or assist with translating support, sales, chat, account, and other customer communications.
Where translated communications include Customer Relationship Data, the translation provider processes that data in connection with Rochen’s customer relationship and business operations.
Where translated support communications include Customer Personal Data submitted by or on behalf of Customer for support, the translation provider may act as a subprocessor for that Customer Personal Data.
Rochen does not permit staff to use unapproved personal, free, or consumer translation tools for customer communications.
Rochen may use analytics and advertising providers to understand website usage, measure marketing performance, deliver and measure advertisements, and attribute referrals or conversions.
These providers may process information such as IP addresses, device and browser information, cookie identifiers, page views, referral URLs, campaign information, and conversion events.
Analytics and advertising providers may act as Rochen’s service provider / processor, as an independent controller, as a joint controller, or as both, depending on the provider, product, configuration, applicable law, and the provider’s own terms.
Rochen uses a cookie consent mechanism to obtain consent where required before placing non-essential analytics, marketing, or advertising cookies.
Rochen may update this list from time to time to reflect changes to its providers, Affiliates, Services, processing activities, or legal requirements.
Where required by Rochen’s Data Processing Agreement, Rochen will provide notice of new or replacement Subprocessors by updating this page or by another appropriate method.
Last updated: April 29 2026