Subprocessor List
Last updated: [LAST_UPDATED_DATE]
This page lists the third-party service providers ("subprocessors") that may process personal data on behalf of [COMPANY_LEGAL_NAME] in connection with Lumi Tutor. Each provider is bound by a written agreement that limits their use of personal data to providing services to us.
We notify customers of new or replaced subprocessors at least 30 days in advance. To subscribe to subprocessor notifications, email [PRIVACY_EMAIL] with the subject "Subscribe — Subprocessor Updates".
Infrastructure subprocessors
These subprocessors are required to run the Service.
| Subprocessor | Service | Data processed | Region(s) | Transfer mechanism (for EEA/UK data) |
|---|---|---|---|---|
| [HOSTING_PROVIDER, e.g., Vercel Inc.] | Application hosting, edge functions | All Service traffic, server logs | [REGION, e.g., US/EU edge] | SCCs + UK Addendum |
| [DATABASE_AUTH_PROVIDER, e.g., Supabase Inc.] | Postgres database, authentication, file storage | All Personal Data at rest | [REGION, e.g., EU-Frankfurt] | SCCs + UK Addendum |
| [PRIMARY_AI_PROVIDER, e.g., Anthropic PBC] | Tutor response generation | Message text + system prompt during request; no retention for training | [REGION, e.g., US] | SCCs + UK Addendum + Zero-retention API terms |
| OpenAI | Alternate tutor response generation (when configured) | Same as above | [REGION] | SCCs + UK Addendum + Enterprise data-processing addendum |
| [EMAIL_PROVIDER, e.g., Postmark / Resend] | Transactional email delivery (sign-up, billing, security) | Recipient email, message body | [REGION] | SCCs + UK Addendum |
| [ERROR_MONITORING, e.g., Sentry] | Error monitoring | Stack traces (scrubbed of PII), user IDs | [REGION] | SCCs + UK Addendum |
| [ANALYTICS_PROVIDER, e.g., Plausible / PostHog (self-hosted)] | First-party product analytics | Aggregated usage events, no message content | [REGION] | SCCs / EU-hosted |
Optional / future subprocessors
These are not currently active but are planned. They will move to the "active" list with full notification when engaged.
| Subprocessor | Service | When |
|---|---|---|
| Stripe | Payment processing for paid subscriptions | When billing launches |
| [ID_VERIFICATION_PROVIDER, e.g., Persona / Stripe Identity] | Verifiable parental consent via government ID match | If a free-tier path needs ID-based VPC |
| [CUSTOMER_SUPPORT_PROVIDER] | Customer support tooling | When the support team scales |
| [SCHOOL_SSO_PROVIDER, e.g., Clever / ClassLink] | Single sign-on for schools | When the schools tier launches |
What each subprocessor sees
| Subprocessor | Sees parent identifiers? | Sees child first name? | Sees child message content? | Sees billing info? |
|---|---|---|---|---|
| Hosting provider | Yes (IP, server logs) | Yes (transient) | Yes (transient, in request bodies) | Limited |
| Database / auth | Yes | Yes | Only if storeTranscripts=true | Yes (limited) |
| AI provider | Anonymous request ID only | First name only | Yes — message text for the duration of the request, then deleted under zero/short retention | No |
| Email provider | Yes (recipient address) | First name (in some emails) | No | No |
| Error monitoring | User ID only | First name only (when scrubbing rules allow) | No (PII scrubbing) | No |
| Analytics | Anonymised event IDs | No | No | No |
| Payment | Yes (billing address, last 4 of card) | No | No | Full payment data |
Sub-subprocessors
Each subprocessor may use its own sub-processors (e.g., a hosting provider running on AWS). We rely on each subprocessor's published sub-processor list for that level of the chain.
How we manage subprocessors
- Selection. We choose providers with strong child-product and education-sector privacy postures.
- Diligence. Before engagement, we review the provider's certifications (SOC 2, ISO 27001), DPA, sub-processor practices, and transfer mechanisms.
- Contract. Every subprocessor signs a DPA at least as protective as our customer DPA.
- Review. We re-review each subprocessor annually.
- Removal. If a subprocessor fails to meet our standards we replace them and migrate data.
Contact
Questions about this list, or to subscribe to updates: [PRIVACY_EMAIL].
Change history
| Date | Change |
|---|---|
| [DATE] | Initial publication |