Proofix is operated by Digital Ledger Systems AG (Roosstrasse 53, 8832 Wollerau, Switzerland). To deliver the service, we engage a small number of third-party subprocessors. This page lists every one of them, the data each receives, and the legal mechanisms covering the transfer.

We give you advance notice of any change to this list at least 30 daysbefore a new subprocessor begins processing personal data. Subscribe to updates by emailing info@proofix.ch with the subject Subprocessor updates.

Current subprocessors

1. Infomaniak Network SA — Object storage (encrypted file blobs)

Role: Processor (GDPR Art. 28).
Service: Public Cloud — S3-compatible object storage.
Data processed: AES-256-GCM ciphertext of user-uploaded files. The plaintext + decryption key never leave the user's browser.
Location of processing: Switzerland (Geneva data centres). No transfer outside Switzerland.
Legal entity: Infomaniak Network SA, Rue Eugène-Marziano 25, 1227 Les Acacias, Geneva, Switzerland.
Privacy policy: infomaniak.com/en/legal/privacy-policy
DPA: Signed Auftragsverarbeitungsvertrag (AVV) under FADP/GDPR Art. 28.

2. Infomaniak Network SA — Outbound email (SMTP)

Role: Processor.
Service: SMTP relay at mail.infomaniak.com.
Data processed: Recipient email address, sender email address, email subject, plain-text + HTML body of transactional emails (verification links, delivery notifications).
Location of processing: Switzerland.
Legal entity / privacy policy / DPA: as above.

3. Stripe Payments Europe Ltd — Payment processing

Role: Processor for the limited payment metadata we send; independent controller for everything Stripe collects directly from the cardholder (card data, fraud-check signals).
Service: Card and TWINT acceptance for the CHF 2.90 proof-tier fee. We do not enable any other payment method (no Apple Pay, no Google Pay, no Cartes Bancaires, no Klarna, no Amazon Pay).
Data processed by Stripe on our behalf: Stripe PaymentIntent ID, amount (CHF 2.90), sender email (passed as metadata for refund correlation only), session correlation ID. We never see the full card number, CVC, or expiry — those are entered directly into Stripe Elements which posts them to Stripe, not to us.
Location of processing: Ireland (EU) primary; United States (Stripe Inc.) for fraud detection and platform infrastructure.
Transfer mechanism (CH/EU → US):
- EU-U.S. Data Privacy Framework (DPF) — Stripe Inc. is self-certified at dataprivacyframework.gov.
- Swiss-U.S. Data Privacy Framework — Stripe Inc. is also certified under the Swiss extension. The Swiss Federal Data Protection and Information Commissioner (FDPIC / EDÖB) recognises this as an adequate safeguard under FADP Art. 16.
- EU Standard Contractual Clauses (SCCs, 2021/914) — applied as a back-up safeguard inside Stripe's DPA.
Legal entity: Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland.
Privacy policy: stripe.com/privacy
DPA: stripe.com/legal/dpa — accepted via Stripe Dashboard.

Data we do not share with subprocessors

The plaintext content of any file you transfer (we never have it — files are encrypted in your browser before upload).
The AES-256 decryption key when you choose link-only sharing (the key lives only in the URL fragment, which browsers do not transmit to servers).
Your full card number, CVC, or expiry (those go directly to Stripe's PCI-DSS-Level-1 environment, never our backend).

Sub-subprocessors

Our subprocessors may engage their own infrastructure providers (e.g. data centre operators). Those are documented in each subprocessor's own published list — see the privacy-policy links above. We hold each subprocessor responsible for ensuring equivalent protection at every downstream link of the chain (GDPR Art. 28(4)).

Questions

Email info@proofix.ch. We aim to reply within five working days; data-subject-rights requests are handled within the 30-day legal deadline.