Sub-processors

The vendors behind the platform.

HotelBee uses a small number of carefully vetted sub-processors to deliver our service. This page lists every one of them, what they do, what data they touch, and where they operate. We update it whenever we add, remove or change a vendor.

Last updated 29 April 2026Effective from 01 May 2026

How this list works

A sub-processor is a third party that processes personal data on behalf of HotelBee in order to deliver the platform, for example, an OTA channel manager, a payment provider, or a cloud-infrastructure host. Under our Data Processing Agreement, every customer is informed of new sub-processors before they are engaged, with the right to object.

Each entry below specifies the purpose, the categories of data shared, the country/region of processing, and the transfer mechanism for data leaving the European Economic Area (where applicable). Customers on Enterprise plans can opt out of specific sub-processors where a like-for-like alternative exists, write to privacy@hotelbee.co.

Change notifications

We notify customers at least 30 days before adding a new sub-processor or materially expanding the role of an existing one. Notifications are sent by email to the account owner and posted on this page. If you have not registered for sub-processor notifications, sign up at privacy@hotelbee.co with the subject "Sub-processor updates".

Cloud infrastructure

Hosting, compute, storage, networking, observability and email delivery, the platform layer.

Sub-processor	Purpose	Data categories	Location	Transfer mechanism
Amazon Web Services (AWS)	Primary cloud hosting, application servers, databases, file storage, backups.	All Customer Data and personal data processed by HotelBee.	Frankfurt (eu-central-1) primary, Stockholm (eu-north-1) DR.	Within EEA. AWS GDPR DPA in place.
Cloudflare, Inc.	Content delivery, DDoS protection, WAF, DNS.	Connection metadata (IP, user agent), TLS-terminated traffic.	Global edge network with EU PoPs preferred.	EU SCCs + EU–US Data Privacy Framework.
Postmark (ActiveCampaign)	Transactional email, booking confirmations, password resets, system notifications.	Recipient name and email, message content.	United States.	EU SCCs + EU–US Data Privacy Framework.
Datadog, Inc.	Application performance monitoring, log aggregation, error tracking.	Server logs (may contain user identifiers), performance metrics.	EU region (Frankfurt).	Within EEA. EU SCCs in place for any onward transfer.

Amazon Web Services (AWS)
Purpose
Primary cloud hosting, application servers, databases, file storage, backups.
Data
All Customer Data and personal data processed by HotelBee.
Location
Frankfurt (eu-central-1) primary, Stockholm (eu-north-1) DR.
Transfer mechanism
Within EEA. AWS GDPR DPA in place.
Cloudflare, Inc.
Purpose
Content delivery, DDoS protection, WAF, DNS.
Data
Connection metadata (IP, user agent), TLS-terminated traffic.
Location
Global edge network with EU PoPs preferred.
Transfer mechanism
EU SCCs + EU–US Data Privacy Framework.
Postmark (ActiveCampaign)
Purpose
Transactional email, booking confirmations, password resets, system notifications.
Data
Recipient name and email, message content.
Location
United States.
Transfer mechanism
EU SCCs + EU–US Data Privacy Framework.
Datadog, Inc.
Purpose
Application performance monitoring, log aggregation, error tracking.
Data
Server logs (may contain user identifiers), performance metrics.
Location
EU region (Frankfurt).
Transfer mechanism
Within EEA. EU SCCs in place for any onward transfer.

Channel managers & OTAs

Distribution of inventory, rates and reservations across booking sites.

Sub-processor	Purpose	Data categories	Location	Transfer mechanism
Channex Ltd.	Channel-manager connector for distribution to 100+ OTAs.	Reservations, guest names, contact details, payment authorisation tokens, rate and inventory data.	United Kingdom.	UK Adequacy Decision + EU SCCs as fallback.
Beds24 GmbH	Alternative channel-manager connector (opt-in for properties already on Beds24).	Reservations, guest names, contact details, rate and inventory data.	Germany.	Within EEA.
Booking.com B.V.	OTA distribution and reservation receipt (via Channex).	Reservation details, guest names, contact details.	Netherlands.	Within EEA.
Expedia Group, Inc.	OTA distribution and reservation receipt (via Channex).	Reservation details, guest names, contact details.	United States.	EU SCCs + EU–US Data Privacy Framework.
Airbnb Ireland UC	Vacation-rental distribution and reservation receipt (via Channex).	Reservation details, guest names, message content.	Ireland.	Within EEA. EU SCCs for onward US transfers by Airbnb.

Channex Ltd.
Purpose
Channel-manager connector for distribution to 100+ OTAs.
Data
Reservations, guest names, contact details, payment authorisation tokens, rate and inventory data.
Location
United Kingdom.
Transfer mechanism
UK Adequacy Decision + EU SCCs as fallback.
Beds24 GmbH
Purpose
Alternative channel-manager connector (opt-in for properties already on Beds24).
Data
Reservations, guest names, contact details, rate and inventory data.
Location
Germany.
Transfer mechanism
Within EEA.
Booking.com B.V.
Purpose
OTA distribution and reservation receipt (via Channex).
Data
Reservation details, guest names, contact details.
Location
Netherlands.
Transfer mechanism
Within EEA.
Expedia Group, Inc.
Purpose
OTA distribution and reservation receipt (via Channex).
Data
Reservation details, guest names, contact details.
Location
United States.
Transfer mechanism
EU SCCs + EU–US Data Privacy Framework.
Airbnb Ireland UC
Purpose
Vacation-rental distribution and reservation receipt (via Channex).
Data
Reservation details, guest names, message content.
Location
Ireland.
Transfer mechanism
Within EEA. EU SCCs for onward US transfers by Airbnb.

Payments

Card processing, fraud prevention, settlement and reconciliation.

Sub-processor	Purpose	Data categories	Location	Transfer mechanism
Stripe Payments Europe, Ltd.	Card payment processing, fraud detection, settlement.	Card details (tokenised), transaction amounts, billing address, IP address.	Ireland (primary), with onward transfer to Stripe Inc. (US) for fraud models.	Within EEA + EU SCCs + EU–US Data Privacy Framework.
Adyen N.V.	Alternative card processor (opt-in for high-volume properties).	Card details (tokenised), transaction amounts, billing data.	Netherlands.	Within EEA.
Wise Payments Ltd.	Cross-border bank payouts to property owners and partners.	Bank account details, beneficiary names, transaction amounts.	Belgium and United Kingdom.	Within EEA + UK Adequacy Decision.

Stripe Payments Europe, Ltd.
Purpose
Card payment processing, fraud detection, settlement.
Data
Card details (tokenised), transaction amounts, billing address, IP address.
Location
Ireland (primary), with onward transfer to Stripe Inc. (US) for fraud models.
Transfer mechanism
Within EEA + EU SCCs + EU–US Data Privacy Framework.
Adyen N.V.
Purpose
Alternative card processor (opt-in for high-volume properties).
Data
Card details (tokenised), transaction amounts, billing data.
Location
Netherlands.
Transfer mechanism
Within EEA.
Wise Payments Ltd.
Purpose
Cross-border bank payouts to property owners and partners.
Data
Bank account details, beneficiary names, transaction amounts.
Location
Belgium and United Kingdom.
Transfer mechanism
Within EEA + UK Adequacy Decision.

Customer support & sales

Tools that help us communicate with prospects, customers and their guests.

Sub-processor	Purpose	Data categories	Location	Transfer mechanism
Intercom R&D Unlimited Company	In-app chat for customer support, sales chat on the website.	Conversation content, account email, IP address, browser metadata.	Ireland (primary), United States (engineering).	Within EEA + EU SCCs + EU–US Data Privacy Framework.
Calendly LLC	Demo scheduling on hotelbee.co.	Name, email address, scheduled time and timezone.	United States.	EU SCCs + EU–US Data Privacy Framework.
HubSpot, Inc.	CRM for sales pipeline, marketing email to opted-in subscribers.	Name, work email, company, conversation history.	Germany (EU data centre).	Within EEA. EU SCCs + Data Privacy Framework for onward US transfers.

Intercom R&D Unlimited Company
Purpose
In-app chat for customer support, sales chat on the website.
Data
Conversation content, account email, IP address, browser metadata.
Location
Ireland (primary), United States (engineering).
Transfer mechanism
Within EEA + EU SCCs + EU–US Data Privacy Framework.
Calendly LLC
Purpose
Demo scheduling on hotelbee.co.
Data
Name, email address, scheduled time and timezone.
Location
United States.
Transfer mechanism
EU SCCs + EU–US Data Privacy Framework.
HubSpot, Inc.
Purpose
CRM for sales pipeline, marketing email to opted-in subscribers.
Data
Name, work email, company, conversation history.
Location
Germany (EU data centre).
Transfer mechanism
Within EEA. EU SCCs + Data Privacy Framework for onward US transfers.

Analytics

Aggregate website analytics, used only to improve the site, not to track individuals.

Sub-processor	Purpose	Data categories	Location	Transfer mechanism
Plausible Insights OÜ	Cookieless aggregate website analytics.	Aggregated, non-personal page-view counts. No cookies, no fingerprinting.	Estonia.	Within EEA.
Microsoft Corporation (Clarity)	Heatmaps and session replay on hotelbee.co (consent-gated, identifiers masked).	Anonymised mouse movements, click coordinates, scroll depth.	United States.	EU SCCs + EU–US Data Privacy Framework.

Plausible Insights OÜ
Purpose
Cookieless aggregate website analytics.
Data
Aggregated, non-personal page-view counts. No cookies, no fingerprinting.
Location
Estonia.
Transfer mechanism
Within EEA.
Microsoft Corporation (Clarity)
Purpose
Heatmaps and session replay on hotelbee.co (consent-gated, identifiers masked).
Data
Anonymised mouse movements, click coordinates, scroll depth.
Location
United States.
Transfer mechanism
EU SCCs + EU–US Data Privacy Framework.

Questions or objections

For questions about any sub-processor or to formally object to one, contact privacy@hotelbee.co or write to Strowberry Code, Attn. Data Protection, Rruga Reshit Petrela, Tirana, Albania. We will respond to all sub-processor objections within 14 calendar days.

Email privacy@hotelbee.co Read the DPA