Start Free
← Back

Subprocessors

Last updated January 14, 2025

This page lists the categories of third-party service providers (subprocessors) we use to operate Dobri Lab. All subprocessors are bound by Data Processing Agreements (DPAs) and Standard Contractual Clauses (SCCs) for GDPR compliance.

Under GDPR Article 15, you can request the specific names of our service providers by emailing privacy@dobrilab.com. We will respond within 30 days.

Service Categories

Learning Infrastructure

Provides isolated Linux practice environments (containers) where you complete labs.

  • Data processed: terminal commands, lab progress, session metadata
  • Location: United States
  • Purpose: container orchestration, execution environment, grading
  • Retention: 30 days (session logs)

Payment Processing

Handles subscription billing, payment gateway, and fraud prevention.

  • Data processed: payment details (encrypted), billing address, subscription status
  • Location: United States, Ireland
  • Purpose: process payments, manage subscriptions, prevent fraud
  • Retention: 7 years (tax compliance)

Data Storage

Database hosting, object storage, and automated backups.

  • Data processed: user accounts, lab progress, XP, session metadata
  • Location: United States
  • Purpose: primary database, backups, session data
  • Retention: while account active + 90 days after deletion

Hosting & Content Delivery

Application hosting, SSL/TLS, CDN, and DDoS protection.

  • Data processed: HTTP requests, IP addresses, browser metadata
  • Location: global (edge network)
  • Purpose: serve website, handle requests, security
  • Retention: 30 days (logs)

Authentication

OAuth login via Google, Facebook, and GitHub.

  • Data processed: email, name, profile picture (if you choose OAuth login)
  • Location: various (Google, Facebook, GitHub data centers)
  • Purpose: authenticate users via OAuth 2.0
  • Retention: per provider's privacy policy

Data Protection Measures

All subprocessors are required to:

  • Sign Data Processing Agreements (DPAs) with GDPR Article 28 compliance
  • Use Standard Contractual Clauses (SCCs) for international transfers
  • Maintain security certifications (SOC 2, ISO 27001, or equivalent)
  • Encrypt data in transit (TLS 1.3+) and at rest (AES-256)
  • Notify us of data breaches within 24 hours
  • Delete data upon request (within 90 days)

Subprocessor Changes

We will update this page within 30 days of adding or changing subprocessors. Material changes will be announced via:

  • Email notification to active users
  • Update banner on this page
  • Change log below (with dates)

Change Log

January 14, 2025: Initial publication

Questions

For the complete vendor list or subprocessor-related questions, contact privacy@dobrilab.com.