Brasserio Subprocessor and International Transfer Notice
Version 1.0 | Last Updated: 28 April 2026 | Publication URL: https://brasserio.com/subprocessor-notice
1. Scope
This Subprocessor and International Transfer Notice identifies the main third-party providers that Brasserio currently uses or may use to provide, secure, support, analyze, distribute, and operate the Services. It also explains how international data transfers may occur.
The exact providers involved in a specific processing activity depend on the feature, restaurant configuration, country, device, payment flow, communications channel, and product stage.
2. Current Subprocessors and Providers
| Provider | Purpose | Data categories | Possible processing locations |
|---|---|---|---|
| Amazon Web Services (AWS) | Cloud hosting, compute, storage, networking, security, infrastructure services, managed database/infrastructure services, and primary hosting currently in eu-central-1. | Restaurant Data, Guest Data, account data, logs, operational data, technical data. | EU/EEA, Israel access, United States, and other AWS support or processing locations. |
| MongoDB Atlas | Managed database services for application data where configured. | Restaurant Data, operational data, Guest Data, technical data. | EU/EEA and other MongoDB processing/support locations. |
| PayPlus | Payment processing, hosted payment pages, deposits, holds, subscriptions, refunds, chargebacks, receipts, and payment compliance. | Payment tokens, transaction IDs, limited card metadata, billing/contact details, payment status. | Israel and other payment-network or provider locations. |
| Twilio | SMS delivery, waitlist messages, booking confirmations, cancellation links, messaging metadata, and link shortening support. | Phone numbers, message content or templates, delivery metadata, link metadata. | United States, EU/EEA, Israel, and other Twilio processing locations. |
| SendGrid | Email delivery where enabled for service, account, operational, support, or transactional messages. | Email addresses, message metadata, message content, delivery logs. | United States, EU/EEA, and other SendGrid/Twilio processing locations. |
| Google Firebase Cloud Messaging | Mobile push notifications for restaurant staff devices. | Push tokens, device/application identifiers, notification metadata. | United States, EU/EEA, and other Google processing locations. |
| Google Analytics | Analytics and performance measurement where enabled. | Usage events, cookie identifiers, device/browser data, interaction data. | United States, EU/EEA, and other Google processing locations. |
| Google reCAPTCHA | Bot detection, abuse prevention, spam prevention, and security checks where enabled. | Device/browser data, interaction signals, network identifiers processed by Google. | United States, EU/EEA, and other Google processing locations. |
| Google Workspace / Gmail | Business email, support intake, legal/privacy/security communications, internal communications. | Emails, contact details, attachments submitted by users, support messages. | United States, EU/EEA, Israel access, and other Google processing locations. |
| Cloudflare | DNS, traffic routing, security, performance, and edge protection where enabled. | Network metadata, request metadata, IP/network identifiers, security logs. | Global edge network and support locations. |
| GoDaddy | Domain registration, DNS-related account services, and domain administration. | Domain/account metadata and technical DNS records; generally not core Guest Data. | United States and other GoDaddy processing locations. |
| Apple App Store | Distribution of iOS applications and app-store related crash, analytics, billing, and user interactions as controlled by Apple. | App store account data, device/app metadata, crash or analytics data controlled by Apple. | Apple processing locations globally. |
| Google Play | Distribution of Android applications and app-store related crash, analytics, billing, and user interactions as controlled by Google. | App store account data, device/app metadata, crash or analytics data controlled by Google. | Google processing locations globally. |
| Grafana / Prometheus tooling | Observability, monitoring, metrics, alerts, and operational diagnostics where configured. | Operational metrics, logs, technical data, limited identifiers where included in logs. | Primarily Brasserio infrastructure locations and provider/support locations where managed services are used. |
3. Providers Not Currently Used
Brasserio does not currently use Stripe, Mailgun, Google Tag Manager, Meta Pixel, LinkedIn Ads, Hotjar, Microsoft Clarity, Sentry, Datadog, a CRM/support-ticket platform, or a third-party AI/LLM provider for the Services described in this Notice. If these providers or similar providers are later added, Brasserio will update this Notice or provide required notice.
4. International Transfers
Brasserio is operated from Israel and currently uses primary hosting in AWS eu-central-1. Personal information may be transferred to or accessed from Israel, the European Economic Area, the United States, and other countries where Brasserio, support personnel, service providers, infrastructure providers, app stores, payment processors, SMS/email providers, or analytics/security providers operate.
Where legally required, Brasserio uses safeguards for international transfers, such as adequacy decisions, EU Standard Contractual Clauses, the UK International Data Transfer Addendum, vendor contractual commitments, transfer impact assessments where appropriate, the EU-U.S. Data Privacy Framework for participating vendors, and similar lawful transfer mechanisms.
5. Subprocessor Changes and Objections
Brasserio may add, replace, or remove providers as needed to operate, secure, support, scale, or improve the Services. Brasserio will provide notice of material Subprocessor changes by updating this Notice, emailing account contacts, or another reasonable method.
Restaurant Customers may object to a new Subprocessor on reasonable data protection grounds within 30 days after notice. Brasserio will work in good faith to address reasonable objections. If Brasserio cannot reasonably address the objection, the Restaurant Customer may stop using the affected feature or terminate the affected service according to the Terms or commercial agreement.
6. Contact
Questions about subprocessors or transfers may be sent to support@brasserio.com.
Operated by DevYouUp | Contact: support@brasserio.com