Sub-processor List
Regtrue uses the following third-party service providers to process data on behalf of our customers. All sub-processors have signed Data Processing Agreements (DPAs) and meet our security requirements.
Change Notifications
We update this list at least 30 days before adding new sub-processors. Subscribe to notifications by emailing dpo@regtrue.com.
| Sub-processor | Purpose | Location | DPA |
|---|---|---|---|
| Vercel Inc. | Web hosting and edge network | EU (Frankfurt) | Signed |
| Supabase Inc. | Database, authentication, storage | EU (Frankfurt) | Signed |
| OpenAI, L.L.C. | AI text generation and analysis | USA (EU DPA) | Signed |
| Google LLC (Gemini) | AI text generation and OCR | EU | Signed |
| Anthropic PBC | AI text generation (backup) | USA (EU DPA) | Signed |
| Stripe, Inc. | Payment processing | USA (EU DPA) | Signed |
| Resend, Inc. | Transactional email delivery | USA (EU DPA) | Signed |
| Functional Software, Inc. (Sentry) | Error tracking and monitoring | EU | Signed |
| Upstash, Inc. | Redis caching and rate limiting | EU (Frankfurt) | Signed |
AI Provider Data Handling
Our AI providers (OpenAI, Google Gemini, Anthropic) process data only for real-time inference:
- Data is NOT used for model training
- Prompts are NOT stored after processing
- All providers have signed enterprise DPAs with data retention disabled
International Data Transfers
For sub-processors located outside the EEA (marked as "USA"), we ensure GDPR-compliant transfers through:
- EU-U.S. Data Privacy Framework (where certified)
- Standard Contractual Clauses (EU Commission approved)
- Supplementary security measures as required
Questions?
If you have questions about our sub-processors or need documentation for your compliance needs: