Subprocessors List
1. Introduction
This document lists the third-party subprocessors engaged by Browser.lol (operated by Zesiger.net) to process personal data in connection with the Service. Browser.lol and Guard.ch are operated by the same entity and run on a shared platform (one account system, one API, one database), so several vendors below serve both services.
Each subprocessor is assessed before engagement and is contractually bound to protect personal data in accordance with applicable data protection laws, including the GDPR and the Swiss FADP.
This list is updated whenever we engage new subprocessors or make changes to existing ones. Customers will be notified at least 30 days in advance of changes that affect how personal data is processed, stored or transferred.
2. Change Notification Process
2.1. How We Notify You
When we intend to add or replace a subprocessor in a way that affects how personal data is processed, stored or transferred, we will notify you at least 30 days before the change takes effect through one or more of:
- Email notification to your registered account email address
- A notice in your account dashboard
- An update to this page together with the "Last Updated" date
Changes that do not affect how personal data is processed, stored or transferred (for example a vendor's corporate rename, an address update, or the removal of a vendor) may be reflected by updating this page only.
2.2. Your Right to Object
You may object to the addition or replacement of a subprocessor on reasonable grounds relating to data protection. To object:
- Email legal@browser.lol within 30 days of our notification
- Describe your specific data protection concerns about the subprocessor
- We will discuss your concerns in good faith and seek a resolution
- If no resolution can be reached, you may terminate the affected Services without penalty
3. Infrastructure and Hosting Providers
Hetzner Online GmbH
Service: Durable hosting: production database, object storage (including mail attachments and encrypted backups), account and billing records
Data Processed: All durable customer data: account data, session metadata, integrated mail messages, workspace metadata, billing artefacts
Purpose: Single primary storage region and primary infrastructure provider; there is no durable copy of customer data outside this region
Location: Helsinki, Finland (EEA). Entity seat: Gunzenhausen, Germany.
Data Transfer Mechanism: EEA processing (no third-country transfer); Hetzner data processing agreement in place
Privacy Policy: https://www.hetzner.com/legal/privacy-policy
OVHcloud (OVH Singapore PTE Ltd)
Service: APAC edge compute for browser workspaces (ephemeral containers only, no persistent data storage)
Data Processed: Temporary workspace compute and streaming traffic. All persistent data remains in Helsinki.
Purpose: Low-latency browser workspaces for users in the Asia-Pacific region
Location: Singapore. Singapore holds no EU or Swiss adequacy decision.
Data Transfer Mechanism: EU Standard Contractual Clauses (2021/914) and the Swiss FDPIC-recognised equivalent; encryption in transit (TLS, DTLS-SRTP)
Privacy Policy: https://www.ovhcloud.com/en/personal-data-protection/
FiberState, LLC
Service: North America edge compute for browser workspaces (ephemeral containers only, no persistent data storage)
Data Processed: Temporary workspace compute and streaming traffic. All persistent data remains in Helsinki.
Purpose: Low-latency browser workspaces for users in North America
Location: Salt Lake City, Utah, United States
Data Transfer Mechanism: FiberState is not certified under the EU-US Data Privacy Framework. EU Standard Contractual Clauses and the Swiss FDPIC-recognised equivalent; encryption in transit
OVHcloud (OVH Hebergement INC)
Service: North America edge compute for browser workspaces (ephemeral containers only, no persistent data storage)
Data Processed: Temporary workspace compute and streaming traffic. All persistent data remains in Helsinki.
Purpose: Low-latency browser workspaces for users in North America
Location: Beauharnois, Quebec, Canada
Data Transfer Mechanism: Canada holds an EU adequacy decision (PIPEDA) recognised by Switzerland; Standard Contractual Clauses and the Swiss equivalent are additionally in place
Privacy Policy: https://www.ovhcloud.com/en/personal-data-protection/
4. Content Delivery, Security and Mail Routing
Cloudflare, Inc.
Service: Authoritative DNS, delivery of the web frontend (including TLS termination on those routes), bot protection (Turnstile) on registration, sign-in and similar forms, and Email Routing for inbound messages to the integrated mail service
Data Processed: IP addresses, request metadata, security signals; for Email Routing: inbound email envelopes and content in transit to our infrastructure
Purpose: Website delivery and performance, bot and DDoS protection, inbound mail routing
Location: Entity seat: San Francisco, California, United States. Global anycast edge.
Data Transfer Mechanism: Certified under the EU-US Data Privacy Framework including the Swiss-US extension; EU Standard Contractual Clauses and the Swiss equivalent as fallback
Privacy Policy: https://www.cloudflare.com/privacypolicy/
5. Identity Providers
Google LLC (Sign in with Google)
Service: OAuth 2.0 identity assertion when you choose to sign in with Google
Data Processed: Verified email address, name, profile picture URL
Purpose: Optional single sign-on
Location: Mountain View, California, United States
Data Transfer Mechanism: Certified under the EU-US Data Privacy Framework including the Swiss-US extension; Standard Contractual Clauses as fallback
Privacy Policy: https://policies.google.com/privacy
Microsoft Corporation (Sign in with Microsoft)
Service: OAuth 2.0 / OpenID Connect against Microsoft Entra ID for organizations that enable single sign-on
Data Processed: Verified email address, display name, tenant identifier
Purpose: Optional enterprise single sign-on
Location: Redmond, Washington, United States
Data Transfer Mechanism: Certified under the EU-US Data Privacy Framework including the Swiss-US extension; Microsoft data protection terms with Standard Contractual Clauses as fallback
Privacy Policy: https://privacy.microsoft.com/en-us/privacystatement
6. Payment Processors
Stripe Payments Europe, Ltd.
Service: Card payment processing: checkout, invoices, receipts, refunds and dispute handling. Stripe Payments Europe, Ltd. is the Stripe entity we contract with.
Data Processed: Name, email address, billing details, payment card data (entered directly with Stripe; we never see full card numbers), transaction history
Purpose: Payment processing for purchases
Location: Dublin, Ireland (EEA)
Data Transfer Mechanism: EEA processing under the GDPR; Stripe data processing agreement
Privacy Policy: https://stripe.com/privacy
Stripe, Inc.
Service: US Stripe group processing connected to payment, risk and fraud-prevention infrastructure
Data Processed: Payment and risk data as described by Stripe
Purpose: Payment infrastructure, fraud prevention
Location: South San Francisco, California, United States
Data Transfer Mechanism: Certified under the EU-US Data Privacy Framework including the Swiss-US extension; Standard Contractual Clauses as fallback
Privacy Policy: https://stripe.com/privacy
NOWPayments
Service: Cryptocurrency payment processing for one-time purchases
Data Processed: Order reference, payment amount, cryptocurrency transaction data; we receive a confirmation of payment linked to your order
Purpose: Optional cryptocurrency checkout
Location: Operates internationally; see the provider's privacy policy for its processing locations
Data Transfer Mechanism: EU Standard Contractual Clauses and the Swiss FDPIC-recognised equivalent where required
Privacy Policy: https://nowpayments.io/privacy-policy
7. Communication Services
Google Ireland Limited (Google Workspace, Gmail)
Service: Outbound transactional email (account verification, receipts, service notices), sent from noreply@browser.lol (the shared transactional mail address of the browser.lol and guard.ch platform) through the Google Workspace SMTP relay
Data Processed: Recipient email address, message subject and content of transactional emails
Purpose: Reliable delivery of transactional email
Location: Dublin, Ireland (EEA). Mail data may be processed by Google LLC in the United States.
Data Transfer Mechanism: Google Workspace Data Processing Amendment; for US processing by Google LLC: EU-US Data Privacy Framework including the Swiss-US extension, Standard Contractual Clauses as fallback
Privacy Policy: https://policies.google.com/privacy
8. AI and Machine Learning Services
OpenRouter, Inc.
Service: LLM API gateway used for the optional AI features of the integrated mail service (summaries, call-to-action detection); OpenRouter forwards requests to the configured inference provider (currently Google Gemini models) as a sub-subprocessor
Data Processed: Email message content submitted for summarization, without account credentials
Purpose: AI-powered mail features. This is the only channel through which user mail content reaches an AI provider.
Location: United States (OpenRouter). The location of the routed inference provider depends on the model configured at the time of the request.
Data Transfer Mechanism: OpenRouter is not certified under the EU-US Data Privacy Framework. EU Standard Contractual Clauses (2021/914) and the Swiss FDPIC-recognised equivalent are the applicable transfer mechanism
Privacy Policy: https://openrouter.ai/privacy
OpenAI OpCo, LLC
Service: Automated anomaly detection over aggregated server-side operational logs
Data Processed: Server-side log excerpts. The content of browser workspace sessions and user mail is never sent to this provider.
Purpose: Operational monitoring and alerting
Location: San Francisco, California, United States
Data Transfer Mechanism: OpenAI data processing agreement; certified under the EU-US Data Privacy Framework, Standard Contractual Clauses as fallback. API traffic is excluded from model training by contract.
Privacy Policy: https://openai.com/privacy/
9. Security and Verification Services
Reoon
Service: Email address verification at account registration
Data Processed: The email address provided during registration
Purpose: Detect invalid or disposable email addresses and prevent fraudulent registrations. Addresses are submitted for verification only and are not retained by the provider beyond verification.
Location: See the provider's privacy policy for its processing locations
Data Transfer Mechanism: EU Standard Contractual Clauses and the Swiss FDPIC-recognised equivalent where required
Privacy Policy: https://www.reoon.com/privacy-policy/
Google LLC (Web Risk)
Service: Hostname reputation lookups against known malware, social engineering and unwanted software infrastructure
Data Processed: Hostnames being checked. No account data is sent with these lookups.
Purpose: Detection of known-malicious infrastructure
Location: Mountain View, California, United States
Data Transfer Mechanism: Certified under the EU-US Data Privacy Framework including the Swiss-US extension; Standard Contractual Clauses as fallback
Privacy Policy: https://policies.google.com/privacy
IP Address Analysis (no external subprocessor)
IP geolocation, VPN/proxy detection and risk assessment are performed against locally hosted databases on our own infrastructure. No IP intelligence vendor receives your data at runtime for these checks.
10. Analytics and Advertising Services
Google LLC (Google Analytics 4)
Service: Website usage analytics (measurement ID G-VLXBKHVENH)
Data Processed: Cookie identifiers, device and browser information, pages visited, session and interaction data, truncated IP information as processed by Google Analytics 4
Purpose: Understand how the website is used and improve it
Location: United States (global operations)
Data Transfer Mechanism: Certified under the EU-US Data Privacy Framework including the Swiss-US extension; Standard Contractual Clauses as fallback
Note: Opt-out: Google Analytics Opt-out Browser Add-on
Privacy Policy: https://policies.google.com/privacy
Playwire LLC
Service: Advertising platform funding the free, ad-supported tier
Data Processed: IP addresses, cookies, browser and device information, ad interaction data (views, clicks) on ad-supported pages
Purpose: Display, cap and measure advertisements on the free tier. Ads are not shown to Premium users.
Location: United States
Data Transfer Mechanism: Standard Contractual Clauses and the Swiss FDPIC-recognised equivalent
Privacy Policy: https://www.playwire.com/privacy-policy
11. Logging and Telemetry
Axiom, Inc.
Service: Server-side log aggregation and operational telemetry
Data Processed: Application log events, which can include IP addresses, user IDs, session IDs and workspace IDs
Purpose: Centralized operational logging, troubleshooting and monitoring
Location: United States
Data Transfer Mechanism: Axiom data processing terms; EU Standard Contractual Clauses and the Swiss FDPIC-recognised equivalent
Privacy Policy: https://axiom.co/privacy
12. Summary Table
| Subprocessor | Category | Location | Transfer Mechanism |
|---|---|---|---|
| Hetzner Online GmbH | Durable hosting | Helsinki, Finland (EEA) | EEA-based |
| OVHcloud (Singapore) | Edge compute | Singapore | SCCs + CH equivalent |
| FiberState, LLC | Edge compute | Salt Lake City, USA | SCCs + CH equivalent |
| OVHcloud (Canada) | Edge compute | Beauharnois, Canada | Adequacy + SCCs |
| Cloudflare, Inc. | DNS / delivery / Turnstile / Email Routing | United States (global edge) | DPF, SCCs fallback |
| Google LLC (Sign-in) | Identity | United States | DPF, SCCs fallback |
| Microsoft Corporation | Identity (SSO) | United States | DPF, SCCs fallback |
| Stripe Payments Europe, Ltd. | Payments | Dublin, Ireland (EEA) | EEA-based |
| Stripe, Inc. | Payments | United States | DPF, SCCs fallback |
| NOWPayments | Payments (crypto) | International | SCCs + CH equivalent |
| Google Ireland Ltd (Workspace) | Transactional email | Dublin, Ireland (EEA) / US | DPA; DPF for US processing |
| OpenRouter, Inc. | AI (mail features) | United States | SCCs + CH equivalent |
| OpenAI OpCo, LLC | AI (log analysis) | United States | DPF, SCCs fallback |
| Reoon | Email verification | See provider | SCCs where required |
| Google LLC (Web Risk) | Security | United States | DPF, SCCs fallback |
| Google LLC (Analytics 4) | Analytics | United States | DPF, SCCs fallback |
| Playwire LLC | Advertising | United States | SCCs + CH equivalent |
| Axiom, Inc. | Logging | United States | SCCs + CH equivalent |
SCCs = EU Standard Contractual Clauses (2021/914) | CH equivalent = Swiss FDPIC-recognised equivalent of the SCCs | DPF = EU-US Data Privacy Framework including the Swiss-US extension
13. Questions and Contact
For questions about our subprocessors or to exercise your right to object:
Data protection contact: legal@browser.lol
Postal Address: Janis Zesiger, Mügeri 340, 5046 Schmiedrued, Switzerland
We have not appointed a data protection officer because none of the thresholds that would require one applies to our processing. For more information about data processing, see our Privacy Policy.
Last Updated: June 11, 2026