Sub-processors
Last updated: 12 June 2026
IndieMenu uses a small number of trusted service providers ("sub-processors") to deliver the service. Where IndieMenu acts as a data processor for restaurants, these providers act as our sub-processors. This page lists who they are, what they do for us, and where they process data.
| Provider | Purpose | Location | Transfer safeguard |
|---|---|---|---|
| Stripe Payments Europe / Stripe, Inc. | Payment processing and Stripe Connect accounts | EU / United States | UK Extension to the EU-US Data Privacy Framework |
| Resend (Plus Five Five, Inc.) | Transactional email delivery | United States | UK Addendum to the EU Standard Contractual Clauses (Resend is also certified under the UK Extension to the EU-US Data Privacy Framework) |
| Railway (Railway Corp.) | Application hosting and infrastructure | European Union (Netherlands) | Data stored in the EU under UK adequacy regulations for the EEA; any onward access from the US is covered by the EU Standard Contractual Clauses with UK Addendum (Railway's DPA) |
| Cloudflare, Inc. | CDN, DNS, bot protection and email obfuscation | Global (data primarily processed in EU/UK edge locations) | UK Extension to the EU-US Data Privacy Framework |
Changes to this list
We will update this page before adding or replacing a sub-processor. Restaurants on IndieMenu will be given at least 30 days' notice of new sub-processors by email or dashboard notice, and may object on reasonable data protection grounds as set out in our Data Processing Addendum.
Questions
Email [email protected].