Subprocessors
List of subprocessors engaged by Agorà Security S.r.l. to provide the Resysto platform (the Service), pursuant to Article 28 GDPR.
Last updated: 15 July 2026.
This page lists the third-party subprocessors engaged by Agorà Security S.r.l. to provide the Resysto platform (the "Service"), the processing they perform on Customer Data, where that data is located and the safeguards applied. It is referenced by the Resysto Terms of Service and forms part of the Data Processing Agreement (DPA) concluded pursuant to Article 28 GDPR.
This list concerns the Resysto application/platform. Processing carried out through the resysto.ai marketing website (static hosting, CDN, fonts) is described separately in the Privacy Policy.
Personal data processed
The Service processes limited personal data: first name, surname, email address and telephone number. No special categories of personal data (Article 9 GDPR) are processed.
Subprocessors
| Subprocessor | Processing activity | Location (data residency) | Safeguards |
|---|---|---|---|
| Contabo GmbH (Munich, Germany) | Cloud compute and application hosting (virtual private servers) | Germany (EU) | Processing within the EU; Art. 28 data-processing agreement |
| Wasabi Technologies, Inc. (USA, with EU storage regions) | S3-compatible object storage and backups of Customer Data | Italy (Milan), Germany and France (EU) | Data stored in EU regions; Standard Contractual Clauses / transfer-impact assessment for the US parent; Art. 28 data-processing agreement |
All Customer Data is hosted and processed within the European Union / European Economic Area.
Agorà Security processing locations (not subprocessors)
The following processing is performed on Agorà Security's own infrastructure and does not involve a third-party subprocessor:
- On-premises AI server (Resysto AI Assistant / GraphRAG) — Italy (EU). Limited personal data (name, surname, email, telephone) may be processed to provide AI features.
Changes to this list
Agorà Security will inform customers of any intended addition or replacement of a subprocessor in accordance with Article 28(2) GDPR, giving customers the opportunity to object. Substantial changes will be communicated through this page and/or by notice to customers.