Legal · Transparency

Sub-processors

The third parties FiveDesk relies on to operate. Each one sees a specific slice of data — its scope, jurisdiction, and privacy policy are listed below. We notify owners at least 14 days before adding a new processor that receives player data.

Last updated · May 15, 2026

netcup GmbH

netcup GmbH

Germany · EU (GDPR)

Active

Purpose

Primary hosting — application servers, PostgreSQL database, Redis queue, and stored artefacts (screenshots, clips, encrypted backups).

Data categories

Owner account records, server configuration, player data, tickets, media files, encrypted backups, technical logs.

Privacy policy
Tebex Ltd.

Tebex Ltd.

United Kingdom

Active

Purpose

Payment processing — subscription billing, invoices, renewals, refunds, and tax handling for paid plans.

Data categories

Owner email, billing name, country, transaction history, and plan tier. Card numbers and other payment-instrument details are held by Tebex and their underlying payment gateways, never by FiveDesk.

Privacy policy
D

Discord, Inc.

United States

Active

Purpose

Optional sign-in provider — authenticates account holders via OAuth so they can access the dashboard without a separate password. Used only when the account owner chooses Discord at sign-in.

Data categories

Discord account email, username, avatar URL, and unique account ID (snowflake). No message content, server list, or activity is requested.

Privacy policy
F

Functional Software, Inc. (Sentry)

United States

Active

Purpose

Error tracking and performance monitoring — captures application errors and traces so we can fix bugs and outages quickly. Personally-identifying information collection is disabled.

Data categories

Stack traces, request paths (no bodies), runtime environment metadata, and synthetic event IDs. No email, name or IP is forwarded.

Privacy policy
H

Hostinger International Ltd.

Lithuania · EU (GDPR)

Active

Purpose

Transactional email delivery — password reset, account verification, onboarding nudges, and billing notifications. Emails are dispatched through Hostinger SMTP.

Data categories

Recipient email address, subject line, message body (e.g. reset link, confirmation token), and delivery metadata.

Privacy policy
Cloudflare, Inc.

Cloudflare, Inc.

United States · global anycast

Active

Purpose

Global edge network — DNS, DDoS protection, TLS termination, and WebRTC TURN relay used when admins open a live-view stream that cannot connect peer-to-peer.

Data categories

HTTP request metadata, DNS queries, TLS handshakes, and (for live view) the encrypted WebRTC media stream between the player NUI and the admin browser.

Privacy policy
Anthropic, PBC

Anthropic, PBC

United States

Planned

Purpose

AI-assisted features — summarising logs, triaging tickets, and generating natural-language insights for operators.

Data categories

Aggregated or anonymised excerpts of logs, tickets, and admin-action history. No raw player identifiers are sent.

Privacy policy
OpenAI, L.L.C.

OpenAI, L.L.C.

United States

Planned

Purpose

AI-assisted features — embeddings for search, natural-language queries over analytics, and assistive content generation.

Data categories

Aggregated or anonymised excerpts of logs, tickets, and admin-action history. No raw player identifiers are sent.

Privacy policy

Questions?

For questions about where your data lives, or to discuss regional data-residency requirements, email [email protected].