Where your data lives and the sub-processors we use
To run PrismPoster, we rely on a small set of trusted third parties — called sub-processors — that handle specific parts of the service on our behalf, such as processing payments and hosting your media. The current list, including what each one does, is published at /privacy/sub-processors. PrismPoster is operated by PrismLabs OÜ in Tallinn, Estonia, and your data is encrypted both at rest and in transit wherever it's stored.
What is a sub-processor?
A sub-processor is an external company that processes your data so we can deliver a feature we don't run entirely in-house. For example, payments are handled by Stripe, which means your card details go to Stripe rather than being stored by us. Each sub-processor only handles the data needed for its specific job, under a contract that binds it to protect that data.
Where can I see the full list?
The complete, up-to-date list lives at /privacy/sub-processors. We keep it there so it stays current as the service evolves. The list names each provider and the purpose it serves, such as payments, hosting, and infrastructure.
Where is my data stored?
Your data is held by our infrastructure and hosting sub-processors and is encrypted at rest. When data moves between you and PrismPoster, or between our services, it's encrypted in transit. For more on how we protect data and how to report a vulnerability, see Security and responsible disclosure.
How does this connect to my data rights?
Knowing who processes your data is part of being able to exercise control over it. If you make a data subject access request, it covers data held by us and by these sub-processors acting on our behalf. The legal basis for each processing activity is described in /privacy.
Frequently Asked Questions
Who processes my payment information?
Payments are processed by Stripe. Your card details are handled by Stripe rather than stored by PrismPoster. Stripe and the other providers we use are listed at /privacy/sub-processors.
Is my data encrypted?
Yes. Your data is encrypted at rest where it's stored and encrypted in transit as it moves across the network. More detail is on our security page.
How will I know if the sub-processor list changes?
The list at /privacy/sub-processors is the source of truth and is kept current. Check that page for the latest set of providers and the role each one plays.