The 80-word version
These are the third-party vendors that may process customer data on Eleven11's behalf. We give 30 days' notice before adding a new subprocessor; you can object, and if we can't accommodate the objection, you can terminate without penalty.
How we handle changes
Before we add any new subprocessor, we give you 30 daysnotice at your registered email and update this page on the same day. That notice names the vendor, what they’ll process, which region they operate in, and a link to their DPA or equivalent.
You can object to a new subprocessor addition by writing to [email protected] within the notice period. We’ll work with you to find an alternative. If we genuinely can’t accommodate the objection — for example, because the new vendor is integral to a feature you use — we’ll tell you plainly. You can then terminate the affected service without penalty, and we’ll refund any prepaid balance for that service on a pro-rata basis.
We don’t add subprocessors silently. Every vendor in the list below was added with this process, or was present at launch. If you believe a vendor is missing from this list, write to [email protected] — that’s a bug we want to fix immediately.
The current list
The table below lists every third-party vendor that may process customer data on Eleven11’s behalf. Each entry names the vendor, its purpose, the categories of data it may receive, the region where data is processed, and a link to the vendor’s DPA or privacy documentation.
If a product you use isn’t listed here, it runs entirely on Eleven11-operated infrastructure with no third-party data sharing. For per-product detail, see the product transparency cards at /trust.
| Vendor | Purpose | Region | Conditional | DPA |
|---|---|---|---|---|
| Hetzner Online GmbH | Compute and storage hosting for Eleven11 services | EU (Germany), EU (Finland) | — | Vendor DPA |
| Cloudflare, Inc. | DNS, CDN, edge proxy, and tunneling | Global | — | Vendor DPA |
| GitHub, Inc. | Source code hosting and container registry (GHCR) | United States | — | Vendor DPA |
| Anthropic, PBC | Large language model inference. Used only when a customer has not configured their own BYOK provider; Eleven11 never silently routes BYOK-configured workloads to Anthropic. | United States | Only when no BYOK LLM provider is configured for the workspace. | Vendor DPA |
| Google LLC | Gmail and Calendar OAuth ingress for customer-connected accounts | User-region | Only when a customer connects a Google account via Cal. | Vendor DPA |
| Meta Platforms, Inc. | Instagram and Facebook publishing via Graph API for customer-connected accounts | User-region | Only when a customer connects a Meta account via Studio. | Vendor DPA |
| Eleven11 self-hosted mail server (docker-mailserver on Hetzner) | Inbound and outbound email for Eleven11-hosted customer mailboxes | EU (Germany) | Disclosed for transparency. Not a third-party processor; operated by Eleven11 directly on Hetzner infrastructure. | — |
| Self-hosted Plausible Analytics on Hetzner (planned) | First-party, cookieless website analytics for marketing surfaces. No cross-site tracking, no advertising attribution. | EU (Germany) | Planned deployment; not yet live. We will operate Plausible directly on our own infrastructure when activated. No third-party SaaS will receive visitor data. This page is the single update point on activation. | — |
| Stripe, Inc. | Payment processing | United States | Will be activated when paid plans launch. Listed in advance for transparency. | Vendor DPA |
| Customer-supplied LLM provider (BYOK) | LLM inference using credentials the customer brings. Customer is the Controller of this flow; Eleven11 acts as Processor only relative to the customer's configured provider. | Customer-controlled | Only when a customer configures their own LLM API key in their workspace. | — |
Bring-your-own-key (BYOK)
Several Eleven11 products can route AI-generated steps through an LLM provider of your choice. When you configure a BYOK API key — Anthropic, OpenAI, or another supported provider — the data flow changes in a material way.
With BYOK active, you become the Controllerof that data flow with respect to your chosen LLM provider. Eleven11 acts only as a Processor on your behalf: we pass your request to the provider you authorized, using the credentials you supplied, and return the result. We don’t log the content of those calls beyond what’s needed to bill or debug the feature you turned on.
Anthropic appears in the list above because we use it as the default LLM provider when no BYOK key is configured. It is never a silent override: if you’ve configured a BYOK key, your key is used. If you haven’t, we use the Eleven11 default and the call is covered by our own DPA with Anthropic. You can verify which key is active for any product in the product settings page.
If you want your LLM calls routed only through infrastructure you control end-to-end, set a BYOK key and then hold your provider accountable to their own DPA — not ours.
Contact
For procurement questions — DPA negotiation, standard contractual clauses, enterprise addenda — write to [email protected]. For data processing concerns or to exercise your right to object to a subprocessor, [email protected]. For anything else, [email protected] reaches a person.