The third-party service providers that process personal data on our behalf, with details about their role, data categories, hosting region, and the data processing agreement (DPA) that governs the relationship.
Last updated: May 21, 2026
We use the following subprocessors to operate our service. Each one is bound by a Data Processing Agreement (DPA) and, where applicable, the European Commission's Standard Contractual Clauses for international transfers. This list is published in compliance with GDPR Article 28, UK GDPR, Quebec Law 25, Swiss FADP, and the CCPA service-provider disclosure requirement.
| Subprocessor | Purpose | Data categories | Hosting region | Legal docs |
|---|---|---|---|---|
| Supabase | Database, authentication, file storage |
| US (with EU/UK hosting available) | |
| Stripe | Payment processing, subscription billing |
| US / IE (EU operations) | |
| Brevo (Sendinblue) | Transactional & marketing email delivery |
| FR / EU | |
| Mailjet | Transactional email delivery (fallback) |
| FR / EU | |
| Cloudflare | CDN, DDoS protection, Turnstile bot protection |
| US (EU SCCs in place) | |
| Upstash | Redis-based rate limiting & ephemeral caching |
| US (with EU regions) | |
| Crisp | Live chat support (loaded only with consent) |
| FR / EU | |
| Google (Tag Manager + Analytics) | Web analytics (loaded only with analytics consent) |
| US (EU SCCs + Data Privacy Framework) | |
| Meta (Pixel) | Marketing conversion tracking (loaded only with marketing consent) |
| US / IE (EU SCCs) | |
| OpenAI | AI inference (chat, code, writing assistants) |
| US (EU SCCs; zero-retention API mode) | |
| Anthropic | AI inference (Claude models) |
| US (EU SCCs) | |
| Google AI (Gemini) | AI inference (Gemini models) |
| US (EU SCCs + Data Privacy Framework) |
Some of our subprocessors are located outside the European Economic Area. For transfers to the United States, we rely on the EU–US Data Privacy Framework where the recipient is certified, and on the European Commission's Standard Contractual Clauses (SCCs) in all other cases. Switzerland is recognized as offering an adequate level of protection. Transfers to or from Canada are covered by PIPEDA-equivalent safeguards.
When we add or remove a subprocessor that materially changes how we process your personal data, we update this page. If you would like to be notified of changes by email, contact us at [email protected].