Sub-processors
Third-party services we use and their security credentials
Last updated: April 13, 2026
Cloud infrastructure, data hosting, and AI model hosting
User authentication and identity management
Payment processing and subscriptions
Our sub-processors
We carefully select third-party service providers based on their security credentials, data protection practices, and, wherever possible, their European presence.
Selection criteria
When choosing sub-processors, we prioritize:
- European hosting: Wherever possible, we select providers that host data within the EU
- Security certifications: We favor providers with recognized security certifications (ISO 27001, SOC 2, etc.)
- GDPR compliance: All our sub-processors are contractually bound to GDPR compliance
- Data minimization: We share only the minimum data necessary for each service to function
European-first infrastructure
A core part of our security and privacy strategy is maintaining a European-first infrastructure. Our primary services, including hosting, authentication, and AI processing, are all handled by providers with European data residency:
- Scaleway hosts our infrastructure and AI models in French data centers with ISO 27001:2022 certification
- Auth0 provides authentication with EU data residency, certified under ISO 27001, SOC 2, and CSA STAR
Data processing agreements
We maintain Data Processing Agreements (DPAs) with all sub-processors, ensuring they meet our standards for data protection and are contractually obligated to handle data in compliance with GDPR and other applicable regulations.