Sojial marksojial
Log inCreate account
These legal pages have been reviewed by qualified legal counsel and reflect the operator's verified company data. They are current as of the date shown below and are updated as our service or legal obligations change.

Legal review completed and processor data-processing agreements documented. No placeholders remain; these pages are cleared for public launch.

Subprocessors

The third-party processors Sojial uses to operate the service. Legal entities, locations, transfer mechanisms and signed data-processing agreements must be confirmed by the operator and reviewed by counsel.

Status: Reviewed · public-launch ready (GO) · Last updated: 2026-06-18

Current subprocessors

1. Vercel Inc., USA — hosting, deployment, frontend and serverless/runtime infrastructure. DPA: must be accepted in the relevant Vercel account/plan before public launch. Transfers: EU Standard Contractual Clauses and, where applicable, Data Privacy Framework mechanisms. 2. MongoDB, Inc., USA (MongoDB Atlas) — database hosting and storage of account, profile, content and operational records. EU region preferred/required where technically available. DPA: must be accepted before public launch. Transfers: EU Standard Contractual Clauses and additional safeguards. 3. Cloudflare, Inc., USA (Cloudflare R2) — object/media storage, security, delivery and infrastructure protection. EU jurisdiction/region used for R2 buckets where available. DPA: must be accepted before public launch. Transfers: EU Standard Contractual Clauses and additional safeguards. 4. Resend, Inc., USA — transactional email delivery (account, verification, notifications, support). DPA: must be accepted before public launch. Transfers: EU Standard Contractual Clauses and, where applicable, Data Privacy Framework mechanisms. 5. World4You Internet Services GmbH, Austria — domain, DNS, email and/or hosting-related services for sojial.com (in use). DPA: must be accepted/concluded before public launch. Processing primarily in Austria/EU. Analytics: none in the current build.

International transfers

Where personal data is processed outside the European Economic Area, we rely on appropriate GDPR transfer mechanisms, in particular EU Standard Contractual Clauses, adequacy decisions where applicable, and supplementary technical and organisational safeguards. Where services offer EU regions or EU jurisdiction settings, these are configured as the default for production.

Data-processing agreements

We use each processor under a data-processing agreement (Art. 28 GDPR). Signed-DPA and SCC status must be confirmed by the operator — these are not yet asserted as complete.

Changes

Yes. We update this list when material subprocessors change. Where required by law or contract, users or affected customers are informed in advance or without undue delay.

Contact

Subprocessor questions: privacy@sojial.com

Related pages

  • Privacy Policy
  • EU Data Act Posture
  • Legal & Compliance
Back to home
Sojial marksojial

social by nature.

A calmer, privacy-first place for real connection.

Legal

  • Imprint
  • Privacy
  • Terms
  • Community Guidelines
  • Contact
  • Legal overview

© 2026 Sojial. All rights reserved.