Sub-processors

Last updated: 27 April 2026

This page provides information about third-party service providers and sub-processors used by KOLOT, S.à r.l.-S, operating the product Orgix.

Orgix is a modular business management and ERP platform for small and medium-sized businesses, associations, clubs, communities and local organizations.

This page should be read together with our:

Privacy Policy: https://orgix.app/privacy-policy
Data Processing Agreement: https://orgix.app/data-processing-agreement
Terms of Service: https://orgix.app/terms

1. Who operates Orgix

Orgix is operated by:

KOLOT, S.à r.l.-S
56, rue du Parc
L-3542 Dudelange
Luxembourg

RCS Luxembourg: B302121
Business permit / Autorisation d’établissement: N° 10188303 / 0
Email: [email protected]

2. What is a sub-processor?

A sub-processor is a third-party service provider engaged by Orgix to process personal data on behalf of Orgix customers.

This usually happens when a customer organization uses Orgix as a platform and Orgix processes data on behalf of that customer organization.

For example, Orgix may use third-party providers for:

hosting infrastructure;
security and traffic protection;
payment processing;
transactional email delivery;
optional customer-connected payment integrations.

Orgix only uses sub-processors where necessary to provide, secure, maintain or support the Orgix service.

3. Current sub-processors and service providers

The following providers may process personal data or technical data in connection with Orgix.

Provider	Purpose	Data processed	Location / notes
Hetzner Online GmbH	Hosting infrastructure	Platform data, databases, files, server logs, technical infrastructure data	Germany / European Union
Cloudflare	DNS, proxy, CDN, WAF, security and availability	IP addresses, request metadata, security events, traffic data, technical logs	Global network
Stripe	Orgix subscription payments and billing	Billing details, payment status, customer/subscription identifiers, invoice/payment metadata	Orgix uses a European Stripe account; Stripe may process data globally according to its own terms
mail.adm.tools	Transactional email delivery	Email addresses, email content, verification links, password reset links, invitation links, system notification emails	Used for transactional Orgix emails
HivePay	Optional customer-connected membership payments	Payment status, external payment identifiers, amount, currency, transaction metadata, webhook payloads where configured by the customer	Only used where enabled/configured by a customer organization
Google Analytics	Website analytics	Website usage data, device/browser data, page interaction data	Not currently used. May be introduced in the future only with consent where required

4. Infrastructure components

Orgix may use self-hosted infrastructure components such as:

PostgreSQL;
Redis;
server-side file storage;
internal application services.

These components are operated within the Orgix hosting environment and are not separate external sub-processors.

5. Optional customer-connected providers

Some Orgix modules may allow customer organizations to connect their own third-party providers.

For example, the Membership module may allow a customer organization to connect:

its own Stripe account;
HivePay;
other future payment providers.

Where a customer organization connects its own provider:

the customer organization is responsible for the provider account;
the customer organization is responsible for reviewing the provider’s terms and privacy documentation;
the customer organization is responsible for ensuring that the integration is lawful;
Orgix may process payment status and transaction metadata only as needed to provide the module functionality.

Unless expressly stated otherwise, Orgix does not act as the seller of the customer organization’s membership, club subscription or internal service, and does not charge a commission on such internal payments.

6. Future providers

Orgix is under active development. As new modules and features are added, Orgix may introduce additional providers, for example for:

analytics;
monitoring;
error tracking;
customer support;
file storage;
calendar integrations;
AI-assisted features;
additional payment integrations;
communication services.

If a new provider acts as a sub-processor for Customer Personal Data, this page will be updated.

7. Changes to sub-processors

Orgix may add, replace or remove sub-processors from time to time.

Where a material new sub-processor is introduced, Orgix will provide notice by updating this page or by another appropriate method.

Customers may object to a new sub-processor on reasonable data protection grounds within 15 days after notice or publication.

If a customer objects, Orgix will use reasonable efforts to:

provide relevant information about the sub-processor;
discuss the objection with the customer;
offer a commercially reasonable alternative where available.

If no reasonable alternative is available, the customer may stop using the affected feature or terminate the affected service according to the Terms of Service.

8. International transfers

Orgix aims to host core platform data in the European Union.

Some providers may process personal data or technical data outside the European Economic Area, especially providers with global infrastructure such as Cloudflare, Stripe, Google Analytics if introduced, or other future providers.

Where required, Orgix relies on appropriate transfer safeguards such as:

adequacy decisions;
Standard Contractual Clauses;
data processing agreements;
transfer impact assessments where applicable;
other lawful transfer mechanisms under applicable data protection law.

9. Contact

For questions about Orgix sub-processors or data protection, please contact: