Version 1.0 · Last updated: 27.05.2026
The following third-party service providers may, as part of Webfronten ApS' services for hosting, maintenance and operation of WordPress websites, access personal data stored on or processed via the customer's website. Webfronten ensures that data processing agreements are in place with all sub-processors, and that sub-processors located outside the EU/EEA have a valid transfer basis in accordance with Chapter V of the General Data Protection Regulation.
This list is published pursuant to section 7 of Webfronten's Data Processing Agreement and is updated when changes occur.
| Sub-processor | Purpose | Data type(s) | Country | Transfer basis |
|---|---|---|---|---|
| 1Password (AgileBits Inc.) | Password management and secure storage of login credentials | Access credentials for the customer's systems (usernames, passwords) | CA / US | SCC |
| Amazon Web Services (SES) | Transactional outbound email delivery | Email addresses and email content from system and contact form messages | US | DPF |
| Anthropic (Claude AI) | Programming assistance, task resolution and correspondence handling | Correspondence and content that may contain customers' personal data | US | DPF / SCC |
| Asana | Project and task management | Contact details and task-related information about the customer's contacts | US | SCC / DPF |
| Cloudflare | CDN, DNS, security and CAPTCHA (Turnstile) | IP addresses, technical metadata and traffic and log data from visitors | US / EU | SCC / DPF |
| Google Workspace | Email and document handling | Email correspondence and documents that may contain personal data | US / EU | SCC / DPF |
| Hetzner Online GmbH | Web hosting – storage of web servers and databases | All personal data stored on or processed via the customer's website | DE (EU) | Within EU |
| Kit (formerly ConvertKit) | Sending of service emails and newsletters | Name and email address of customers and contact persons | US | DPF / SCC |
| Patchstack | WordPress plugin vulnerability monitoring | Technical metadata about the website; as a rule, no directly personal data | EE (EU) | Within EU |
| Punktum dk A/S | Domain registration and DNS management | Domain and registrant details (name, contact information) | DK (EU) | Within EU |
| RunCloud | Server management and configuration | Server configuration and access credentials; indirect access to data on the server | US | SCC |
| WP Umbrella (Liven Studio) | Remote monitoring and management of WordPress sites | Technical metadata and backup data that may contain personal data | FR (EU) | Within EU |
Transfer Basis – Abbreviations
- DPF: EU–U.S. Data Privacy Framework, approved by the European Commission in July 2023
- SCC: Standard Contractual Clauses issued by the European Commission (2021)
- Within EU: No separate transfer mechanism required
Notification of Changes
Webfronten will notify the data controller of any intended addition or replacement of sub-processors by updating this page and sending notice to the data controller's registered email address at least 14 days before the change takes effect. The data controller may, within the notice period, raise a reasoned objection to a new or replacement sub-processor in accordance with the procedure set out in section 7.3 of the Data Processing Agreement.
Questions regarding this list can be directed to [email protected].