Sub-processors

Last updated: 12 June 2026

IndieMenu uses a small number of trusted service providers ("sub-processors") to deliver the service. Where IndieMenu acts as a data processor for restaurants, these providers act as our sub-processors. This page lists who they are, what they do for us, and where they process data.

Provider Purpose Location Transfer safeguard
Stripe Payments Europe / Stripe, Inc. Payment processing and Stripe Connect accounts EU / United States UK Extension to the EU-US Data Privacy Framework
Resend (Plus Five Five, Inc.) Transactional email delivery United States UK Addendum to the EU Standard Contractual Clauses (Resend is also certified under the UK Extension to the EU-US Data Privacy Framework)
Railway (Railway Corp.) Application hosting and infrastructure European Union (Netherlands) Data stored in the EU under UK adequacy regulations for the EEA; any onward access from the US is covered by the EU Standard Contractual Clauses with UK Addendum (Railway's DPA)
Cloudflare, Inc. CDN, DNS, bot protection and email obfuscation Global (data primarily processed in EU/UK edge locations) UK Extension to the EU-US Data Privacy Framework

Changes to this list

We will update this page before adding or replacing a sub-processor. Restaurants on IndieMenu will be given at least 30 days' notice of new sub-processors by email or dashboard notice, and may object on reasonable data protection grounds as set out in our Data Processing Addendum.

Questions

Email [email protected].