Compliance

Sub-processors

PigmentCRM (operated by Wenlar LLC) uses the third-party services listed below to operate the platform. Each provider is bound by a Data Processing Agreement (DPA) and only receives the minimum data necessary to perform its function. Last updated 2026-04-25.

ProviderPurposeRegionTransfer mechanismPrivacy
Cloudflare, Inc.CDN, DNS, edge proxy, R2 object storage (waivers, photos, ID images)Global edge; R2 buckets configurable per regionEU SCCs in place; Cloudflare is GDPR-alignedPolicy ↗
Amazon Web Services, Inc. (AWS SES)Transactional email delivery (password reset, notifications)us-east-1 by default — relocatable on requestEU SCCs; AWS is GDPR-alignedPolicy ↗
Twilio Inc.SMS delivery (reminders, notifications)US primary; EU routing available on requestEU SCCsPolicy ↗
Google LLCGoogle Calendar API (event sync), Google Drive API (waiver backup) — only when a studio explicitly connects its own Google accountGlobalEU SCCsPolicy ↗
Hetzner Online GmbH (or equivalent IaaS)Application hosting (Strapi, Postgres, Redis), encrypted volumesFalkenstein / Nuremberg, Germany (EU)No transfer outside EU for primary hostingPolicy ↗

Notification of changes

We will notify customers at least 30 days before adding or replacing a sub-processor that handles personal data, by email to the account owner and via an update to this page. Customers may object to a change in writing during the notice window; if the objection cannot be resolved we will work in good faith on a transition.

Contact

Wenlar LLC
30 N Gould St, STE R
Sheridan, WY 82801, United States
Questions about this list, sub-processor changes, or to receive change notifications: [email protected].