Compliance
Sub-processors
PigmentCRM (operated by Wenlar LLC) uses the third-party services listed below to operate the platform. Each provider is bound by a Data Processing Agreement (DPA) and only receives the minimum data necessary to perform its function. Last updated 2026-04-25.
| Provider | Purpose | Region | Transfer mechanism | Privacy |
|---|---|---|---|---|
| Cloudflare, Inc. | CDN, DNS, edge proxy, R2 object storage (waivers, photos, ID images) | Global edge; R2 buckets configurable per region | EU SCCs in place; Cloudflare is GDPR-aligned | Policy ↗ |
| Amazon Web Services, Inc. (AWS SES) | Transactional email delivery (password reset, notifications) | us-east-1 by default — relocatable on request | EU SCCs; AWS is GDPR-aligned | Policy ↗ |
| Twilio Inc. | SMS delivery (reminders, notifications) | US primary; EU routing available on request | EU SCCs | Policy ↗ |
| Google LLC | Google Calendar API (event sync), Google Drive API (waiver backup) — only when a studio explicitly connects its own Google account | Global | EU SCCs | Policy ↗ |
| Hetzner Online GmbH (or equivalent IaaS) | Application hosting (Strapi, Postgres, Redis), encrypted volumes | Falkenstein / Nuremberg, Germany (EU) | No transfer outside EU for primary hosting | Policy ↗ |
Notification of changes
We will notify customers at least 30 days before adding or replacing a sub-processor that handles personal data, by email to the account owner and via an update to this page. Customers may object to a change in writing during the notice window; if the objection cannot be resolved we will work in good faith on a transition.
Contact
Wenlar LLC
30 N Gould St, STE R
Sheridan, WY 82801, United States
Questions about this list, sub-processor changes, or to receive change notifications: [email protected].