Legal document
Subprocessors
Version 1.0 · Effective from May 1, 2026
Tessera uses a small number of subprocessors to deliver the service. The policy is to minimise the number of providers and pick each on explicit criteria of data sovereignty, operational quality and public track record. This list is the single source of truth and is kept up to date.
Change policy
Any addition, removal or substantial change in the subprocessor list is notified to active customers by email with a minimum 30-day notice. During that period, the customer may object to the change. If the objection is not resolved through an alternative subprocessor acceptable to both parties, the customer may terminate the contract without penalty.
Selection criteria
To onboard a subprocessor, Tessera evaluates:
- Physical processing location and ability to provide EU residency.
- DPA with Standard Contractual Clauses where international transfer applies.
- Public security track record and incident response history.
- Documentary or on-site audit capability.
- Economic sustainability of the provider (no critical dependency on at-risk vendors).
Current subprocessor list
| Subprocessor | Role | Region | DPA |
|---|---|---|---|
| Hetzner Online GmbH | Primary GPU hosting and network | EU (Germany, Finland) | Standard DPA signed |
| RunPod, Inc. | Secondary GPU hosting / failover | EU + US | DPA upon request |
| Cloudflare, Inc. | DNS, CDN, DDoS protection | Global with EU edge | Standard DPA signed |
| Stripe Payments Europe Ltd | Payment processing and billing | EU (Ireland) | Standard DPA signed |
| Resend | Transactional and marketing email | US | DPA upon request |
| Plausible Insights OÜ | Web analytics (cookieless, no PII) | EU (Estonia) | Standard DPA signed |
Contact
- Subprocessor questions:: legal@tesseraai.cloud
- Privacy and DPO:: dpo@tesseraai.cloud
Changelog
| Version | Date | Changes |
|---|---|---|
| 1.0 | 2026-05-01 | Initial publication. |