Legal & compliance
Subprocessors
ABN Platform AB uses the following sub-processors in accordance with GDPR Art. 28. The list is updated on changes. Customers are notified 30 days in advance before a new sub-processor is taken into operation, so the right to object under Art. 28(2)/(4) GDPR can be exercised.
ABN’s architecture is designed so that raw customer operational data stays inside the customer’s Node in normal use — the sub-processors below see structural metadata, not raw customer values. The details per category are described in the data processing agreement (DPA) and in the record of processing activities under Art. 30.
| Name | Role | Region | DPA |
|---|---|---|---|
| Anthropic | LLM inference (abstract data — never customer values) | USA (EU SCCs) | Yes |
| Clerk | Authentication & MFA | USA (EU SCCs) | Yes |
| Nango* | OAuth proxy to customer systems | EU | Yes |
| Hetzner | Server infrastructure | EU (Germany) | Yes |
| Vercel | Landing hosting | USA (EU SCCs) | Yes |
| Proton | Switzerland (EU adequacy) | Yes | |
| Stripe | Payments | USA (EU SCCs) | Yes |
* Nango runs as a self-hosted instance on ABN’s own EU infrastructure (Hetzner, Germany). No customer data reaches Nango Inc.'s US infrastructure.
A machine-readable version of the same register is available at /subprocessors.json — for vendor assessments and automated vendor flows.
Changes
Before ABN adds or replaces a sub-processor, every customer receives a notification at least 30 days in advance, via the account-owner email address and in the in-app message. The customer has the right to object; if an objection remains, there is a right of termination under the data processing agreement (DPA, § 5).
Questions about sub-processors, GDPR Art. 28 commitments or supplementary security documentation: legal@abnplatform.com.
Last updated: May 2026 · ABN Platform AB