This page lists all third-party sub-processors that process personal data on behalf of S2 Tikshuv Ltd in connection with E2LLM services. We maintain this list as part of our GDPR compliance obligations.
A sub-processor is a third-party service provider that processes personal data on our behalf to help deliver E2LLM services. Each sub-processor has a Data Processing Agreement (DPA) in place with us and is contractually obligated to protect your data.
Last updated: April 2, 2026
| Sub-processor | Purpose | Data Processed | Location |
|---|---|---|---|
| Paddle.com Market Ltd | Merchant of Record — payment processing, billing, invoicing, sales tax, refunds | Email address, subscription status, transaction data, payment information | United Kingdom |
| Hetzner Online GmbH | Infrastructure hosting — MCP relay server, application hosting | IP addresses, connection metadata, session identifiers. Stored session data is encrypted client-side — Hetzner receives only encrypted data. | Germany (EU) |
| Amazon Web Services, Inc. | Infrastructure hosting — compute, storage, networking | IP addresses, connection metadata. Stored session data is encrypted client-side — AWS receives only encrypted data. | EU (eu-west-1) |
No sub-processor has access to plaintext session content. Here is what each data type looks like from their perspective:
| Data Type | Sub-processor sees | Detail |
|---|---|---|
| Page content (Extension) | Nothing | Processed locally in user's browser — never leaves the device |
| Page content (MCP) | Encrypted blobs | SiFR captures include structured page content (visible text, form values, element structure). Transmitted to our relay server, encrypted, and stored for 30 days. Infrastructure providers receive encrypted data only. Encryption keys managed by S2 Tikshuv Ltd. |
| Browsing URLs (MCP) | Encrypted blobs | Part of session data, encrypted at rest alongside captures and actions |
| Connection metadata | IP addresses, timestamps | Visible to infrastructure providers as part of normal network operations |
| Payment information | Paddle only | Card numbers, billing addresses handled exclusively by Paddle as Merchant of Record. We never see or store payment data. |
| Passwords | Nobody | External sign-in passwords never reach E2LLM. E2LLM account passwords stored as secure hashes by our authentication service. Detected password fields in browsing sessions are redacted before storage. |
S2 Tikshuv Ltd is based in Israel, which has an EU adequacy decision under Article 45 GDPR. All infrastructure sub-processors (Hetzner, AWS) operate within the EU. Where data is transferred to countries without an adequacy decision, we ensure appropriate safeguards through Standard Contractual Clauses (SCCs) approved by the European Commission.
We will update this page when we add, remove, or change sub-processors. Material changes will be communicated to account holders via email at least 14 days before the change takes effect.
If you have concerns about a sub-processor change, contact us at info@e2llm.com within the 14-day notice period.
For questions about our sub-processors or data processing practices:
Email: info@e2llm.com
S2 Tikshuv Ltd, Haifa, Israel