Subprocessor List

Last updated: [LAST_UPDATED_DATE]

This page lists the third-party service providers ("subprocessors") that may process personal data on behalf of [COMPANY_LEGAL_NAME] in connection with [PRODUCT_NAME]. Each provider is bound by a written agreement that limits their use of personal data to providing services to us.

We notify customers of new or replaced subprocessors at least [SUBPROCESSOR_NOTICE_DAYS, e.g., 30] days in advance. To subscribe to subprocessor notifications, email [PRIVACY_EMAIL] with the subject "Subscribe — Subprocessor Updates".

Infrastructure subprocessors

These subprocessors are required to run the Service.

Subprocessor	Service	Data processed	Region(s)	Transfer mechanism (for EEA/UK data)
[HOSTING_PROVIDER, e.g., Vercel Inc.]	Application hosting, edge functions	All Service traffic, server logs	[REGION, e.g., US/EU edge]	SCCs + UK Addendum
[DATABASE_AUTH_PROVIDER, e.g., Supabase Inc.]	Postgres database, authentication, file storage	All Personal Data at rest	[REGION, e.g., EU-Frankfurt]	SCCs + UK Addendum
[PRIMARY_AI_PROVIDER, e.g., Anthropic PBC]	Tutor response generation	Message text + system prompt during request; no retention for training	[REGION, e.g., US]	SCCs + UK Addendum + Zero-retention API terms
[SECONDARY_AI_PROVIDER, e.g., OpenAI LLC]	Alternate tutor response generation (when configured)	Same as above	[REGION]	SCCs + UK Addendum + Enterprise data-processing addendum
[EMAIL_PROVIDER, e.g., Postmark / Resend]	Transactional email delivery (sign-up, billing, security)	Recipient email, message body	[REGION]	SCCs + UK Addendum
[ERROR_MONITORING, e.g., Sentry]	Error monitoring	Stack traces (scrubbed of PII), user IDs	[REGION]	SCCs + UK Addendum
[ANALYTICS_PROVIDER, e.g., Plausible / PostHog (self-hosted)]	First-party product analytics	Aggregated usage events, no message content	[REGION]	SCCs / EU-hosted

Optional / future subprocessors

These are not currently active but are planned. They will move to the "active" list with full notification when engaged.

Subprocessor	Service	When
[PAYMENT_PROVIDER, e.g., Stripe]	Payment processing for paid subscriptions	When billing launches
[ID_VERIFICATION_PROVIDER, e.g., Persona / Stripe Identity]	Verifiable parental consent via government ID match	If a free-tier path needs ID-based VPC
[CUSTOMER_SUPPORT_PROVIDER]	Customer support tooling	When the support team scales
[SCHOOL_SSO_PROVIDER, e.g., Clever / ClassLink]	Single sign-on for schools	When the schools tier launches

What each subprocessor sees

Subprocessor	Sees parent identifiers?	Sees child first name?	Sees child message content?	Sees billing info?
Hosting provider	Yes (IP, server logs)	Yes (transient)	Yes (transient, in request bodies)	Limited
Database / auth	Yes	Yes	Only if `storeTranscripts=true`	Yes (limited)
AI provider	Anonymous request ID only	First name only	Yes — message text for the duration of the request, then deleted under zero/short retention	No
Email provider	Yes (recipient address)	First name (in some emails)	No	No
Error monitoring	User ID only	First name only (when scrubbing rules allow)	No (PII scrubbing)	No
Analytics	Anonymised event IDs	No	No	No
Payment	Yes (billing address, last 4 of card)	No	No	Full payment data

Sub-subprocessors

Each subprocessor may use its own sub-processors (e.g., a hosting provider running on AWS). We rely on each subprocessor's published sub-processor list for that level of the chain.

How we manage subprocessors

Selection. We choose providers with strong child-product and education-sector privacy postures.
Diligence. Before engagement, we review the provider's certifications (SOC 2, ISO 27001), DPA, sub-processor practices, and transfer mechanisms.
Contract. Every subprocessor signs a DPA at least as protective as our customer DPA.
Review. We re-review each subprocessor annually.
Removal. If a subprocessor fails to meet our standards we replace them and migrate data.

Contact

Questions about this list, or to subscribe to updates: [PRIVACY_EMAIL].

Change history

Date	Change
[DATE]	Initial publication