Legal
Sub-Processors
Last updated May 2026
To provide the Particle service, we engage a small number of trusted third-party companies (sub-processors) who process personal data on our behalf. This page lists all current sub-processors, the data they handle, and the legal safeguards in place for any international transfers.
01
Current Sub-Processors
All sub-processors are bound by a Data Processing Agreement (DPA) pursuant to Art. 28 GDPR. They are authorized to process personal data only as instructed and for the specific purposes described below.
Clerk, Inc.
Purpose
Authentication and user identity management. Handles sign-up, sign-in, session management, and user profile data.
Data Categories
Email address, name, profile picture, authentication tokens, session data
Location
United States
Transfer Safeguard
Standard Contractual Clauses (SCCs)
Purpose
Authentication and user identity management. Handles sign-up, sign-in, session management, and user profile data.
Data Categories
Email address, name, profile picture, authentication tokens, session data
Location
United States
Transfer Safeguard
Standard Contractual Clauses (SCCs)
Supabase, Inc.
Purpose
Primary database and cloud synchronization. Stores all user-generated content including sessions, tasks, projects, and preferences.
Data Categories
All user data: focus sessions, tasks, projects, intentions, preferences, AI coach history
Location
EU — Frankfurt, Germany (AWS eu-central-1)
Transfer Safeguard
EU hosting — no transfer outside EEA
Purpose
Primary database and cloud synchronization. Stores all user-generated content including sessions, tasks, projects, and preferences.
Data Categories
All user data: focus sessions, tasks, projects, intentions, preferences, AI coach history
Location
EU — Frankfurt, Germany (AWS eu-central-1)
Transfer Safeguard
EU hosting — no transfer outside EEA
Stripe, Inc.
Purpose
Payment processing and subscription management. Handles billing, invoicing, and subscription lifecycle.
Data Categories
Billing name, email, payment method metadata (card last 4 digits, expiry), billing address, transaction history
Location
United States
Transfer Safeguard
EU-U.S. Data Privacy Framework + Standard Contractual Clauses (SCCs)
Purpose
Payment processing and subscription management. Handles billing, invoicing, and subscription lifecycle.
Data Categories
Billing name, email, payment method metadata (card last 4 digits, expiry), billing address, transaction history
Location
United States
Transfer Safeguard
EU-U.S. Data Privacy Framework + Standard Contractual Clauses (SCCs)
OpenRouter, Inc.
Purpose
AI model routing for the AI Coach feature. Routes requests to the appropriate AI model provider (Anthropic or Google).
Data Categories
AI Coach conversation messages, session context metadata
Location
United States
Transfer Safeguard
Standard Contractual Clauses (SCCs)
Purpose
AI model routing for the AI Coach feature. Routes requests to the appropriate AI model provider (Anthropic or Google).
Data Categories
AI Coach conversation messages, session context metadata
Location
United States
Transfer Safeguard
Standard Contractual Clauses (SCCs)
Anthropic, PBC
Purpose
AI language model (Claude) used by the AI Coach feature, accessed via OpenRouter.
Data Categories
AI Coach conversation messages sent to the model for response generation
Location
United States
Transfer Safeguard
Standard Contractual Clauses (SCCs)
Purpose
AI language model (Claude) used by the AI Coach feature, accessed via OpenRouter.
Data Categories
AI Coach conversation messages sent to the model for response generation
Location
United States
Transfer Safeguard
Standard Contractual Clauses (SCCs)
Google LLC
Purpose
AI language model (Gemini) used by the AI Coach feature, accessed via OpenRouter.
Data Categories
AI Coach conversation messages sent to the model for response generation
Location
United States
Transfer Safeguard
EU-U.S. Data Privacy Framework + Standard Contractual Clauses (SCCs)
Purpose
AI language model (Gemini) used by the AI Coach feature, accessed via OpenRouter.
Data Categories
AI Coach conversation messages sent to the model for response generation
Location
United States
Transfer Safeguard
EU-U.S. Data Privacy Framework + Standard Contractual Clauses (SCCs)
Vercel, Inc.
Purpose
Application hosting, content delivery network (CDN), and serverless function infrastructure.
Data Categories
IP addresses, request logs, User-Agent strings (standard web server logs, retained briefly)
Location
Global edge network — primary processing in United States
Transfer Safeguard
Standard Contractual Clauses (SCCs)
Purpose
Application hosting, content delivery network (CDN), and serverless function infrastructure.
Data Categories
IP addresses, request logs, User-Agent strings (standard web server logs, retained briefly)
Location
Global edge network — primary processing in United States
Transfer Safeguard
Standard Contractual Clauses (SCCs)
Functional Software, Inc. (Sentry)
Purpose
Error tracking and application performance monitoring. Captures exceptions and request context to diagnose production issues.
Data Categories
Authenticated user ID (no email), error stack traces, technical request metadata. User-content fields (invoice items, journal entries, intentions, todos, message bodies) are redacted before transmission.
Location
EU — Frankfurt, Germany (Sentry EU data region)
Transfer Safeguard
EU data residency; Standard Contractual Clauses (SCCs) with US parent entity
Purpose
Error tracking and application performance monitoring. Captures exceptions and request context to diagnose production issues.
Data Categories
Authenticated user ID (no email), error stack traces, technical request metadata. User-content fields (invoice items, journal entries, intentions, todos, message bodies) are redacted before transmission.
Location
EU — Frankfurt, Germany (Sentry EU data region)
Transfer Safeguard
EU data residency; Standard Contractual Clauses (SCCs) with US parent entity
PostHog EU (PostHog, Inc.)
Purpose
Product analytics: pageviews and feature-usage events (consent-gated for EU/EEA/UK visitors; legitimate interest with one-click opt-out elsewhere). No session recording, no autocapture, no advertising use.
Data Categories
Random browser identifier (local storage), pseudonymous account ID for signed-in users (no email, no name), page URLs, referrer/UTM labels, feature-event names and coarse properties. Work content (task titles, project names) is never transmitted.
Location
EU — Frankfurt, Germany (PostHog EU Cloud)
Transfer Safeguard
EU data residency; Standard Contractual Clauses (SCCs) with US parent entity
Purpose
Product analytics: pageviews and feature-usage events (consent-gated for EU/EEA/UK visitors; legitimate interest with one-click opt-out elsewhere). No session recording, no autocapture, no advertising use.
Data Categories
Random browser identifier (local storage), pseudonymous account ID for signed-in users (no email, no name), page URLs, referrer/UTM labels, feature-event names and coarse properties. Work content (task titles, project names) is never transmitted.
Location
EU — Frankfurt, Germany (PostHog EU Cloud)
Transfer Safeguard
EU data residency; Standard Contractual Clauses (SCCs) with US parent entity
Upstash, Inc.
Purpose
Rate-limiting infrastructure (serverless Redis). Stores short-lived counters to throttle abusive request volumes and protect the API.
Data Categories
IP addresses and authenticated user IDs used as rate-limit keys (ephemeral; expire within minutes to hours)
Location
EU — Frankfurt, Germany (Upstash EU region)
Transfer Safeguard
EU data residency; Standard Contractual Clauses (SCCs) with US parent entity
Purpose
Rate-limiting infrastructure (serverless Redis). Stores short-lived counters to throttle abusive request volumes and protect the API.
Data Categories
IP addresses and authenticated user IDs used as rate-limit keys (ephemeral; expire within minutes to hours)
Location
EU — Frankfurt, Germany (Upstash EU region)
Transfer Safeguard
EU data residency; Standard Contractual Clauses (SCCs) with US parent entity
Resend, Inc.
Purpose
Transactional and contact-form email delivery (account notifications, contact-form submissions).
Data Categories
Recipient email address, email subject and body content
Location
United States
Transfer Safeguard
Standard Contractual Clauses (SCCs)
Purpose
Transactional and contact-form email delivery (account notifications, contact-form submissions).
Data Categories
Recipient email address, email subject and body content
Location
United States
Transfer Safeguard
Standard Contractual Clauses (SCCs)
Cloudflare, Inc.
Purpose
Bot protection (Cloudflare Turnstile) on public forms to prevent automated abuse, without cross-site tracking or fingerprinting.
Data Categories
IP address, browser/device signals and interaction telemetry, processed transiently for human-vs-bot challenge verification
Location
Global edge network — primary processing in United States
Transfer Safeguard
Standard Contractual Clauses (SCCs)
Purpose
Bot protection (Cloudflare Turnstile) on public forms to prevent automated abuse, without cross-site tracking or fingerprinting.
Data Categories
IP address, browser/device signals and interaction telemetry, processed transiently for human-vs-bot challenge verification
Location
Global edge network — primary processing in United States
Transfer Safeguard
Standard Contractual Clauses (SCCs)
02
Operational Tools (No Personal Data Processing)
We also use operational tooling that helps us run Particle but does not process personal data of our users, and is therefore not a sub-processor under Art. 28 GDPR:
Checkly, Inc.
Synthetic uptime monitoring. Checkly generates its own automated requests against our public, unauthenticated pages to detect outages. It does not receive, store, or process any end-user personal data — only technical response metadata (HTTP status, load timing). It is listed here for full transparency, not because it acts as a data processor.
This assessment holds as long as monitoring stays unauthenticated. If an authenticated check that handles user data is ever introduced, Checkly would be reclassified as a sub-processor and a DPA executed.
03
AI Data Processing
When you use the AI Coach feature, your conversation messages are routed through OpenRouter to one of our AI model providers (Anthropic Claude or Google Gemini). The routing is handled automatically based on availability and performance.
We have confirmed with our AI providers that:
Your conversation data is not used to train their models
Data is processed solely to generate the response to your query
Data is not retained beyond what is required to fulfill the request
All processing is covered by the DPAs and transfer mechanisms listed above
You can disable AI features at any time in Settings, which will prevent any data from being sent to AI providers.
04
Changes to Sub-Processors
We will notify customers of any new sub-processors or significant changes to existing ones by updating this page and, for material changes, via email or in-app notification. The “last updated” date at the top of this page reflects the most recent revision.
For questions or objections regarding our use of sub-processors, contact us at legal@particle.day.