DPA · Annex 2

Subprocessors

The third parties DRIVUNO uses to deliver the service. None of them can read your file contents — they hold ciphertext or operational metadata only.

Notification

We notify Business customers at least 30 days before adding or replacing a subprocessor that processes customer metadata. Subscribe by emailing dpo@drivuno.com.

Infrastructure

Edge runtime, DDoS protection, CDN
Encrypted request bodies, IP addresses (logs)
Global (Anycast)
Managed Postgres + object storage
Account records, ciphertext, sealed envelopes, audit logs
EU primary

Communications

Transactional email delivery
Email addresses, message bodies we generate
EU / US
SMS for 2FA and recovery (opt-in)
Phone numbers, SMS body
Global

Billing

Card and SEPA payments
Billing identity, card metadata
EU / US
EU payments fallback
Billing identity, payment metadata
EU
Global payments fallback
Billing identity, payment metadata
EU / Global

Analytics

Privacy-preserving site analytics (no cookies, no PII)
Anonymized request URL, user agent, referrer
EU

For our full Data Processing Agreement, see /dpa. For data-residency commitments, see the sovereignty page.

Encrypted on your device · upload in 1 click
Upload