Subprocessors List

Last Updated: November 24, 2025
Version: 1.0


Introduction

This page lists all third-party subprocessors that Vowise engages to process personal data on behalf of our users. We maintain this list in accordance with GDPR Article 28 requirements and our commitment to transparency.

What is a Subprocessor?

A subprocessor is a third-party service provider that processes personal data on our behalf to help us deliver our services. Each subprocessor has signed a Data Processing Agreement (DPA) with us that includes:

  • GDPR Article 28 compliance requirements
  • Standard Contractual Clauses (SCCs) for international transfers
  • Security measures and audit rights
  • Data breach notification obligations

Core Infrastructure Subprocessors

SubprocessorServiceLocationData ProcessedPurpose
Groq, Inc.AI Transcription APIUnited StatesAudio files (deleted immediately after processing)Convert audio recordings to text transcriptions
Supabase, Inc.Database & AuthenticationGermany (EU) / US backupAccount data, transcriptions, metadataStore user data and handle authentication
Cloudflare, Inc.CDN & SecurityGlobal (Edge Network)IP addresses, request headers, browser infoDDoS protection, content delivery, SSL termination

Payment Processing

SubprocessorServiceLocationData ProcessedPurpose
Stripe, Inc.Payment ProcessingUnited StatesName, email, billing address, payment methodProcess subscription payments and invoices

Communications

SubprocessorServiceLocationData ProcessedPurpose
Postmark (ActiveCampaign)Transactional EmailUnited StatesEmail addresses, namesSend account notifications, password resets, receipts

Analytics (Optional - Requires Consent)

SubprocessorServiceLocationData ProcessedPurpose
Google LLCGoogle AnalyticsUnited StatesIP address (anonymized), device info, usage patternsUnderstand user behavior (only with cookie consent)

Hosting Infrastructure

SubprocessorServiceLocationData ProcessedPurpose
Netcup GmbHServer HostingGermany (EU)All application data (encrypted)Host our application servers
Vercel Inc.Frontend HostingGlobal (Edge Network)Static assets, edge function logsHost and serve our web application

Data Processing Agreement (DPA) Status

SubprocessorDPA StatusSCCsData Privacy Framework
Groq✅ Signed✅ Included
Supabase✅ Signed✅ Included
Cloudflare✅ Signed✅ Included✅ Certified
Stripe✅ Signed✅ Included✅ Certified
Postmark✅ Signed✅ Included
Google Analytics✅ Standard Terms✅ Included✅ Certified
Netcup✅ SignedN/A (EU)N/A (EU)
Vercel✅ Signed✅ Included

Security Measures

All subprocessors are required to implement:

  • Encryption: TLS 1.2+ for data in transit, AES-256 for data at rest
  • Access Controls: Role-based access, multi-factor authentication
  • Monitoring: Security logging and anomaly detection
  • Incident Response: Data breach notification within 24-72 hours
  • Certifications: SOC 2 Type II, ISO 27001, or equivalent

Changes to Subprocessors

We will notify you at least 30 days in advance before adding new subprocessors or making material changes to existing ones. Notifications will be sent to:

  • Your registered email address
  • Updates on this page

Right to Object

If you object to a new subprocessor, you may:

  1. Contact us at privacy_no_spam_@vowise.com within 30 days
  2. We will work with you to address your concerns
  3. If we cannot resolve your concerns, you may terminate your account without penalty

Enterprise Customers

Enterprise customers with a signed DPA may have additional rights regarding subprocessor changes. Please refer to your DPA or contact [email protected].

Request DPA Copies

You may request copies of our DPAs with subprocessors by emailing [email protected]. Please note that some commercial terms may be redacted.

Contact

Questions about our subprocessors?
Email: dpo_no_spam_@vowise.com


← Back to Privacy Policy