Subprocessors
Hosts the Next.js frontend & API routes; holds server logs
IP addresses, HTTP headers, any request/response bodies sent to the API
EU and USA
https://vercel.com/legal/dpa
Managed Postgres database, authentication service, and object storage for user uploads
Names, email addresses, password hashes, session tokens, profile data, images
EU and USA
https://supabase.com/legal/dpa
Real-time image optimisation
User-uploaded images and the public URLs that reference them (may include facial images)
Global CDN edge network with core processing in EU
https://imagekit.io/gdpr/
Transactional e-mail delivery (sign-up confirmation, password reset, notifications, reminders, coupon codes, etc)
Recipient e-mail address, message content, IP & user-agent in click/open tracking
EU and USA
https://www.twilio.com/en-us/legal/data-protection-addendum
AI-based image classification & moderation (OpenAI Vision / Moderation API)
Images you upload (may contain identifiable faces or sensitive content)
USA
https://openai.com/policies/data-processing-addendum/
Video hosting and processing
Videos you upload (may contain identifiable faces or sensitive content)
EU / Global CDN
https://bunny.net/gdpr/
