Sub-processors

Last updated: 19 December 2025

Our Commitment to Transparency

Revano engages certain third-party service providers ("sub-processors") to assist in delivering our services. This page provides a complete list of sub-processors that may process personal data on behalf of our customers.

All sub-processors are bound by data processing agreements that include GDPR-compliant terms and appropriate security measures.

Infrastructure & Data Storage

Revano operates on self-hosted infrastructure located in Lelystad, The Netherlands. All customer data is stored exclusively on our own servers within the European Union. We do not use third-party cloud hosting providers (such as AWS, Google Cloud, or Azure) for data storage.

Cloudflare is used solely as a reverse proxy for traffic routing and DDoS protection. Cloudflare does not store customer data - it only processes request metadata (IP addresses, headers) in transit.

Current Sub-processors

Sub-processor Purpose Location Safeguards
Zoho Corporation B.V.
Privacy Policy 		Transactional email delivery (account verification, password resets, notifications) Netherlands (EU) GDPR DPA, ISO 27001
Mollie B.V.
Privacy Policy 		Payment processing (subscription billing, invoicing) Netherlands (EU) GDPR DPA, PCI-DSS Level 1
Cloudflare, Inc.
Privacy Policy 		Reverse proxy, DDoS protection, DNS services (traffic routing only - no data storage) Global (EU traffic routing) GDPR DPA, ISO 27001, SOC 2

Data Processed by Sub-processors

Sub-processor Data Categories
Zoho Mail Email address, name (in email content)
Mollie Email address, billing information (company name, address, VAT number), payment details
Cloudflare IP addresses (for security/routing), request metadata

Sub-processor Changes

We may update our sub-processors from time to time. When we add a new sub-processor that processes personal data, we will update this page. Enterprise customers with a signed DPA may receive direct notification of sub-processor changes as specified in their agreement.

If you have concerns about a sub-processor change, please contact us at [email protected].

International Transfers

All sub-processors listed above process data within the European Economic Area (EEA) or, where processing occurs outside the EEA, appropriate transfer mechanisms are in place:

  • EU Standard Contractual Clauses (SCCs)
  • Adequacy decisions by the European Commission
  • Binding Corporate Rules (where applicable)

Due Diligence

Before engaging any sub-processor, Revano conducts due diligence to ensure:

  • The sub-processor maintains appropriate technical and organizational security measures
  • A data processing agreement is in place with GDPR-compliant terms
  • The sub-processor only processes data as necessary for the specified purpose
  • Appropriate mechanisms exist for international data transfers (if applicable)

Questions?

If you have questions about our sub-processors or need additional information for your compliance requirements, please contact us:

Klaver Solutions
Blaasbalg 14
8253LX Dronten
The Netherlands
KVK 91096111
Email: [email protected]