Skip to main content

Hosting & Subprocessors

Our Germany Hosting

All data and services are hosted in Germany at Hetzner. Until end of May 2026, some components may still rely on EU-based providers whose infrastructure is located in other EU countries such as Ireland or the Netherlands. From end of May 2026, all storage and processing will take place exclusively in German data centers at Hetzner.

Subprocessors

Amazon Web Services (AWS)
Amazon Web Services (AWS)
Audio/video distribution (CDN)
🇪🇺Germany / Ireland
DeepL
DeepL
Translation
🇩🇪Germany
Microsoft Azure
Microsoft Azure
Cloud infrastructure
🇪🇺Germany / Netherlands
Microsoft Azure OpenAI
Microsoft Azure OpenAI
AI services via Azure
🇪🇺Sweden
Microsoft Dynamics 365
Microsoft Dynamics 365
CRM
🇩🇪Germany (Frankfurt)
Strato
Strato
Web hosting
🇩🇪Germany
Stripe
Stripe
Payments
🇪🇺Ireland

The continuously updated full subprocessor list is maintained in Annex 3 of the DPA.

What We Guarantee

  • All data is processed and stored in Germany at Hetzner (until end of May 2026, alternative EU regions may still be used)
  • From end of May 2026, storage will be exclusively in German data centers
  • No data ever leaves the EU, under any circumstances
  • We never use providers outside the EU, regardless of contractual safeguards

For organizations with the highest data sovereignty requirements, we offer additional flexibility:

  • On-premises data storage: Sally AI can store data in the customer's own database (MS SQL) on-premises, so your data never leaves your own infrastructure
  • Customer-provided LLMs: If your organization operates its own language models, Sally AI can be configured to use them exclusively instead of Azure OpenAI, ensuring that no data is sent to external AI services

Azure OpenAI – AI Processing Within the EU

For our AI-powered features such as transcription analysis and meeting summaries, we use Microsoft Azure OpenAI Service. A key advantage of Azure OpenAI is that the customer can choose the hosting region, unlike many other AI providers where the data center location is not transparent or configurable.

We have deliberately chosen an EU-based region for our Azure OpenAI deployment to ensure full GDPR compliance. This means:

  • All AI processing happens within the European Union
  • Your meeting data, transcripts, and prompts are never sent to servers outside the EU
  • All personal data is masked before it reaches the LLM. The AI only processes anonymized content, never identifiable information
  • Microsoft guarantees that data submitted to Azure OpenAI is not used to train or improve OpenAI models
  • The service operates under Microsoft's EU Data Boundary commitment

This deliberate choice of an EU hosting region is a central part of our data protection strategy, ensuring that even advanced AI features comply with the highest European privacy standards.

Contractual Safeguards

  • Data Processing Agreements (DPAs) are in place with all subprocessors, and their obligations mirror the main DPA
  • Standard Contractual Clauses (SCCs) are not required because no data leaves the EU
  • Any future exception would require explicit customer agreement and full compliance with GDPR Articles 44–49

Transparency & Your Review Rights

  • Advance notice and right to object to any subprocessor changes
  • Audit and inspection rights, including access to certifications and third-party audit reports
  • Full transparency about where your data is processed at all times