The issue is, that a number of other services are using your service for providing their service. E.g., workleap.com . When a company from the European Union wants to use, e.g. workleap, or any other service using your services, a careful DPO will check the subprocessor list. Eventually s/he will stumble upon render.com beeing used to process personal data as a subprocessor. Since render.com is not part of the eu-us data privacy framework s/he will must likely object to using that service. Since render ist nor part of the eu-us data privacy framework any EU company can in general not legally use a service using render as subprocessor.