Legal
Sub-processors
SwiftGuest uses the following third-party sub-processors to deliver our hotel property management platform. Each sub-processor has been evaluated for data protection compliance and is bound by contractual obligations consistent with our Data Processing Agreement.
Last updated: April 13, 2026
Change notification
We notify customers at least 30 days in advance of any new sub-processor engagement. If you have subscribed to DPA notifications, you will receive an email alert when this list changes. To subscribe, contact dpo@swiftguest.com.
| Sub-processor | Country | Purpose | Certification |
|---|---|---|---|
| Cloudflare | United States | Infrastructure, CDN, DNS, edge compute | SOC 2 Type II, ISO 27001 |
| Rapyd | United Kingdom | Payment processing | PCI DSS Level 1 |
| Tranzila | Israel | Israeli payment processing | PCI DSS |
| PayPal | United States | Payment processing | PCI DSS Level 1 |
| Stripe | United States | Payment processing (dormant, reserved for future use) | PCI DSS Level 1 |
| Channex.io | Ukraine | Channel management, OTA distribution | -- |
| Resend | United States | Transactional email delivery | SOC 2 Type II |
| United States | OAuth authentication, Google Workspace | SOC 2 Type II, ISO 27001 | |
| Hetzner | Germany | Backup storage (EU) | ISO 27001 |
Data transfer safeguards
Where sub-processors are located outside the European Economic Area, SwiftGuest relies on Standard Contractual Clauses (SCCs) adopted by the European Commission, supplementary measures, and transfer impact assessments in accordance with the Schrems II ruling. Cloudflare maintains EU data localization options for customers requiring regional data residency.
Objection process
Under the terms of our Data Processing Agreement, customers may object to a new sub-processor within 30 days of receiving notice. If SwiftGuest is unable to accommodate the objection, the customer may terminate the affected services without penalty. Contact dpo@swiftguest.com to raise an objection.
Related legal documents
For questions about our sub-processors or data processing practices, contact our Data Protection Officer at dpo@swiftguest.com.