Version 1.0 · Last updated Fri May 22 2026 00:00:00 GMT+0000 (Coordinated Universal Time)
Cakester Sub-processors
This page lists the third parties ("Sub-processors") that Cakester AB engages to process personal data on behalf of our customers, as referenced in our Data Processing Agreement (Clause 7). We keep it current and provide notice of changes as described in the DPA.
The primary store of customer and employee data â our application database â is hosted within the European Union (Sweden). Some supporting services are operated by providers established outside the EEA; for those, transfers rely on the safeguards noted below (EU Standard Contractual Clauses and/or the EUâUS Data Privacy Framework).
Current Sub-processors
| Sub-processor | Purpose | Personal data processed | Location | Transfer safeguard |
|---|---|---|---|---|
| Microsoft Azure (Microsoft Ireland Operations Ltd.) | Cloud hosting and application database | All platform data | EU â Sweden Central | Within EEA |
| Wolt Enterprises Oy | Courier delivery of orders | Recipient name, delivery location, dietary requirement for the order | EU â Finland | Within EEA |
| PostHog (EU Cloud) | Product usage analytics | Usage events and account-user identifiers | EU | Within EEA (EU Cloud region) |
| Resend, Inc. | Transactional email delivery | Recipient email address; names and dietary information contained in order/notification emails | United States | SCCs and/or EUâUS Data Privacy Framework |
| Clerk, Inc. | Authentication for account users (HR/admin) | Account-user identity and login data | United States | SCCs and/or EUâUS Data Privacy Framework |
| Functional Software, Inc. (Sentry) | Error and performance monitoring | Diagnostic data, which may incidentally include identifiers | United States (EU region where configured) | SCCs and/or EUâUS Data Privacy Framework |
| Partner bakeries | Order fulfilment (baking and preparation) | Recipient first name, dietary requirements, delivery location | EU â Sweden | Within EEA; contractually bound under terms no less protective than the DPA |
Partner bakeries are independent businesses contracted to fulfil orders. They receive only the information necessary to prepare and label an order and are bound by confidentiality and data-protection obligations.
Notice of changes
We will update this page and provide notice to the registered account email address before adding or replacing a Sub-processor that processes personal data, in accordance with DPA Clause 7.3. Customers may object on reasonable grounds as described there.
Contact
Questions about our Sub-processors: legal@cakester.io