SUB-PROCESSORS
Sub-Processors and Upstream Providers
Third-party providers we engage to operate Hoody.
Last updated: 30 April 2026
This page lists the third-party service providers ("sub-processors" under GDPR/UK GDPR/Swiss FADP, "third-party recipients" under HK PDPO and other regimes) that Hoody Limited engages to operate the Services. The list is current as of the date shown above and is updated when Hoody adds, replaces, or removes a sub-processor. Material changes are notified to Customers per the Data Processing Agreement (Annex A of our Privacy Policy) at least thirty (30) days in advance.
For background on what data Hoody processes and what Hoody architecturally cannot see, please refer to our Privacy Policy.
How to read this list
| Column | Meaning |
|---|---|
| Sub-processor | Entity name and parent corporate group where relevant |
| Purpose | What the sub-processor does for Hoody |
| Data categories | High-level categories of data the sub-processor processes (see Privacy Policy §3 for fields) |
| Location | Country or region where the sub-processor processes Hoody-related data |
Payment processing
| Sub-processor | Purpose | Data categories | Location |
|---|---|---|---|
| Stripe Payments Europe Ltd / Stripe, Inc. | Credit and debit card processing | Card details (processed under PCI DSS Level 1; Hoody does not store card numbers), billing address, transaction records | Ireland, United States |
| NOWPayments | Cryptocurrency payment processing (Bitcoin, Ethereum, USDT, and other supported chains) | Wallet address, transaction hashes, transaction amounts | European Economic Area |
| PaymentWall | Alternative payment methods (where offered) | Transaction records, billing data | Multiple regions |
| PayPal | PayPal payments (where offered) | PayPal account identifier, transaction records | Multiple regions |
| Banking partners | Bank transfer processing | Bank account details, transaction records | Hong Kong, other |
Bare Metal Server hosting (underlying physical infrastructure)
Hoody resells server capacity from these third-party hosting providers. The underlying provider physically operates the data center where Customer's Bare Metal Server runs. Hoody is the Customer's contractual counterparty for the server; the underlying provider is not. See Terms of Service §11.1 and Privacy Policy §6.
| Sub-processor | Purpose | Data categories | Location |
|---|---|---|---|
| OVH SAS | Bare-metal server hardware operation, network connectivity at the data center | Network metadata at the hardware/ISP level (Hoody does not see this), server hardware configuration | France, Germany, United Kingdom, Canada, United States, Singapore, Australia, India, Poland (varies by data center selected) |
| Hetzner Online GmbH | Bare-metal server hardware operation, network connectivity at the data center | Network metadata at the hardware/ISP level (Hoody does not see this), server hardware configuration | Germany, Finland (varies by data center selected) |
| Other hosting providers | As Hoody's offering expands | Same categories as above | Varies |
AI gateway upstream providers and aggregators
Hoody routes Customer-initiated AI requests through aggregators and direct provider relationships. In default pass-through mode, Hoody does not see the content of prompts or completions (see Privacy Policy §2.1(d)). Each upstream provider has its own data handling, retention, training-behavior, regional-availability, and certification commitments — Customer is responsible for verifying the upstream provider's commitments are appropriate for Customer's use case.
| Sub-processor | Purpose | Data categories | Location |
|---|---|---|---|
| OpenRouter, Inc. | AI request aggregation and routing across multiple upstream model providers | Routing metadata; prompt/completion content per Customer's request to the selected provider | United States |
| Eden AI | AI request aggregation and routing across multiple upstream model providers | Routing metadata; prompt/completion content per Customer's request to the selected provider | France |
| Upstream model providers reached via aggregators | Inference (model execution) | Prompt/completion content per Customer's request to the selected provider | Varies by provider |
The aggregators above route to a long list of model providers that changes over time (currently including providers from the United States, Europe, and elsewhere). Each model provider has its own privacy policy and terms; Customer's selection of a model determines which provider receives Customer's prompts and returns completions. Hoody flows down upstream restrictions in our Acceptable Use Policy.
Communications and support infrastructure
| Sub-processor | Purpose | Data categories | Location |
|---|---|---|---|
| Email infrastructure | Transactional email delivery (account verification, billing notifications, security alerts, support replies) | Email address, message content | Multiple regions |
| Support and ticketing tooling | Customer support workflow | Support request content, communication history | Multiple regions |
| Status page provider | Public service status communication | None Customer-specific (publicly published incidents and scheduled maintenance only) | Multiple regions |
Identity providers (OAuth)
When Customer signs up or logs in via a federated identity provider, the provider transmits Customer's account identifier and basic profile information (such as verified email and name) to Hoody for the limited purpose of authenticating the account. Hoody does not initiate this data transfer; it occurs because Customer chose to authenticate via the identity provider.
| Sub-processor | Purpose | Data categories | Location |
|---|---|---|---|
| GitHub, Inc. | OAuth-based authentication for accounts where Customer chose to sign up via GitHub | OAuth account identifier, verified email, name, basic profile (per the OAuth scope authorized by Customer) | United States |
| Google LLC | OAuth-based authentication for accounts where Customer chose to sign up via Google | OAuth account identifier, verified email, name, basic profile (per the OAuth scope authorized by Customer) | United States |
Operations, security, and compliance
| Sub-processor | Purpose | Data categories | Location |
|---|---|---|---|
| Service operation analytics | Aggregate metrics on control plane usage and reliability (no Container content) | Service operation metadata at the control-plane level only | Multiple regions |
| Sanctions and KYC screening | Pre-onboarding sanctions screening and abuse prevention | Account identifying information (name, email, country, billing data) | Multiple regions |
| Error monitoring and observability | Hoody control-plane application performance monitoring (Hoody's own services, not Customer's Containers) | Error traces, performance metrics, request logs at the control-plane level only | Multiple regions |
What is not in this list
Sub-processors process data on Hoody's behalf. The following do not appear because Hoody does not engage them as sub-processors:
- Software running inside Customer's Containers. When Customer installs a library, runs an open-source project, or invokes an API from inside a Container, that software is not Hoody's sub-processor — Customer chose to run it. The Hoody Proxy on Customer's bare metal does not interfere with or proxy this traffic at the application level (see Privacy Policy §2.1).
- Software Customer chooses to integrate with the Hoody control plane. When Customer connects a third-party service to the Hoody API (for example, a CI system that creates Containers), Hoody does not become the controller for the data flow Customer initiates.
- Hoody's corporate vendors (legal, accounting, audit, banking) that may incidentally process Hoody employee or contractor data but do not process Customer data on Hoody's behalf.
Changes to this list
When Hoody adds, replaces, or materially changes a sub-processor, Hoody:
(a) Updates this page; (b) Notifies Customers at least thirty (30) days in advance of the change taking effect, by email or in-product notification; (c) Allows Customers to object on reasonable, documented grounds within thirty (30) days, with the options described in the Data Processing Agreement (Privacy Policy Annex A) §A.6(c).
To object to a sub-processor change or to ask a question about the list, contact privacy@hoody.com.
Versions and history
A short change log of material updates to this list:
| Date | Change |
|---|---|
| 30 April 2026 | Initial publication. |
If you have questions about this list or about how Hoody processes your data, contact privacy@hoody.com. For full details on Hoody's privacy commitments and what Hoody architecturally cannot see, refer to our Privacy Policy — in particular Section 2 (What Hoody Cannot See) and Annex A (Data Processing Agreement).