Under GDPR Article 28, we maintain a record of all sub-processors that handle personal data on our behalf.
We notify active customers of any new sub-processor additions at least 30 days in advance via email. If you object to a new sub-processor, contact us at provncloud@provnai.com.
| Provider | Role | Location | Data Processed | GDPR Safeguards |
|---|---|---|---|---|
| Supabase Database & Authentication | PostgreSQL database hosting, Row Level Security, and JWT-based user authentication. | EU (Frankfurt) / US (North Virginia) |
| DPA available via Supabase dashboard. EU data residency available. |
| Stripe Payment Processing | Subscription billing, invoicing, and payment method storage. | US |
| Stripe is PCI DSS Level 1 certified. Standard Contractual Clauses (SCCs) in place. |
| Railway Compute Hosting | Backend API hosting and background worker execution. | US (North Virginia) |
| SOC 2 Type II. DPA available on request. |
| Vercel Frontend Hosting & CDN | Next.js application hosting, edge caching, and analytics. | Global edge network |
| EU data residency available for Analytics. DPA available. |
| Helius Solana RPC Provider | Solana Mainnet-Beta RPC calls for transaction submission and confirmation. | US |
| No personal data transmitted. Only public blockchain data. |
| Jito Labs MEV / Bundle Infrastructure | Priority transaction bundling for sub-second Solana anchoring. | US |
| No personal data transmitted. Only public blockchain transactions. |
Need a Data Processing Agreement (DPA)?
Enterprise and Pro customers can request a signed DPA by emailing provncloud@provnai.com. We will provide our standard DPA within 5 business days. If you require a custom DPA, please allow up to 14 business days for legal review.