Sub-processors
Last updated: 19 November 2025
This page lists third parties that process personal data on behalf of Aneo B.V. as part of our products and services. It covers aneo.io and all subdomains and aliases (for example app.aneo.io, api.aneo.io, docs.aneo.io, status.aneo.io).
How we use sub-processors
We engage specialist providers for hosting, authentication, AI model inference, database, email/CRM, and analytics. We require appropriate data protection commitments and security measures. For customers on supported plans we offer EU data residency and a zero-retention option for certain data flows.
Notice of changes
We will update this page in advance of adding or replacing a sub-processor and will provide at least 15 days prior notice by updating this page and notifying admin users by email. If you object to a change, contact legal@aneo.io within the notice period.
Aneo configuration note: Our primary processing locations for core product data are in the EU. Google Cloud Platform projects and Supabase databases are provisioned in EU regions.
Current sub-processors
Provider | Purpose | Data types | Processing location(s) | Transfer mechanism | Certifications | Retention | Notes |
|---|---|---|---|---|---|---|---|
Application hosting, storage, backups | Customer Content, account data, logs, backups | EU regions selected by Aneo | N/A for EU-only; SCCs where applicable | See Trust Center & Compliance | Per Aneo retention schedule; rolling backups | Primary infrastructure for products | |
Marketing website hosting, DNS/domain, CDN features | IP addresses, request logs, static site content, DNS records | EU data centers and global CDN (per provider) | SCCs where applicable | Logs typically ephemeral; static content duration varies | Marketing site and domain management; see also Privacy Policy | ||
User authentication | Email, name, identity provider claims, device and session tokens | EU or global (as configured) | SCCs where applicable | Google Cloud security & DPT | Session tokens ephemeral; auth records per config | ||
Federated login | Profile data, email, identifiers | Per provider | Provider terms; SCCs where applicable | Google security & privacy | Per provider | Acts as separate controller; user-initiated authentication | |
Federated login | Profile data, email, identifiers | Per provider | Provider terms; SCCs where applicable | Microsoft security & privacy | Per provider | Acts as separate controller; user-initiated authentication | |
Federated login | Profile data, email, identifiers | Per provider | Provider terms; SCCs where applicable | LinkedIn security & privacy | Per provider | Acts as separate controller; user-initiated authentication | |
LLM inference for AI features | Prompts, model outputs, system metadata | Per provider | SCCs / provider processor terms | Per provider; no training on Customer Content unless opted in | See also Your data controls | ||
Managed PostgreSQL database and storage | Customer Content, account data, metadata | EU regions (e.g., Frankfurt/Ireland/London/Paris) | N/A for EU-only; SCCs where applicable | Per Aneo retention schedule | Primary application database; see available regions | ||
CRM, marketing, support communications | Account and contact info, support interactions | EU/US (per provider) | SCCs where applicable | Trust Center & SOC reports | Per CRM settings | Business operations only, not core product data | |
Business email and collaboration | Names, business emails, support communications, attachments | EU/US (per provider) | SCCs where applicable | Security & Trust resources | Per admin settings | Company email and docs | |
Website/product analytics (cookie-gated) | Usage events, device/browser data | EU and global (as configured) | SCCs where applicable | Analytics Help Center | Per GA retention settings | GA4 does not log or store IP addresses; see Data retention settings |
Processing locations reflect Aneo configuration where supported. Exact regions and retention may change as configurations evolve; we will update this page accordingly.
Former sub-processors
| Provider | Purpose | Active until | Replacement |
|---|---|---|---|
| — | — | — | — |
Questions
For questions or objections regarding sub-processors, contact legal@aneo.io.