A subprocessor is any third party your business engages to process personal data on your behalf — your hosting provider, email delivery service, analytics platform, support tool. You are legally required to list them in your Privacy Policy under [GDPR art. 13(1)(e)] and to include them in your DPA under [GDPR art. 28(3)(d)].
miniterms tracks your subprocessors separately from your documents so you can update the list without regenerating everything from scratch.
Adding from the library
The library contains pre-filled entries for common tools: Vercel, Upstash, Resend, Stripe, Cloudflare, Google Analytics, Plausible, Crisp, and others. Each entry includes a verified DPA URL and the vendor's data residency region.
- Open Subprocessors in the sidebar.
- Click Browse library.
- Entries are grouped by category (Hosting, Email, Analytics, Payments, Support, Other). Use the search box to filter by name.
- Click Add on any entry. It moves to your active list.
Library entries are pre-filled templates. After adding, you can edit the region or DPA URL if you have a custom agreement with that vendor.
Adding a custom entry
For tools not in the library, or internal systems acting as processors:
- Click Add custom.
- Fill in: Name, Purpose (what personal data they process and why), Region (where their infrastructure is), DPA URL (link to their data processing terms).
- Pick a Category: Hosting, Email, Payments, Analytics, Support, Other.
- Save.
Editing
Click Edit on any row in the active list. Change any field and save. A regenerate prompt appears on the Documents page after you save changes — regenerating picks up the updated subprocessor list.
Removing
Click Remove on the row. Only remove a subprocessor you have genuinely stopped using — removing an active service would make your Privacy Policy incorrect.
Suggested additions
On first load, miniterms may suggest common subprocessors based on typical setups. These are optional suggestions; click Add to accept or ignore them.