Subprocessors
Third‑party service providers that process personal data on our behalf
We engage the following subprocessors to deliver the Platform. Each subprocessor is bound by a data processing agreement and appropriate transfer safeguards. We will update this page when we add or replace subprocessors where required by law or contract.
| Subprocessor | Purpose | Data Location | Safeguards |
|---|---|---|---|
| Vercel, Inc. | Application hosting, serverless functions, CDN | EU/Global (provider network) | DPA, SCCs, security certifications |
| Supabase | Managed PostgreSQL database and pooling | EU (Paris region) | DPA, EU data residency, SCCs as applicable |
| OpenAI, L.L.C. | LLM inference for Massichat (AI assistant) | US | DPA, SCCs; no training on API data |
OAuth providers (e.g., Google, LinkedIn) act as independent controllers when used for sign‑in and are not Massimino subprocessors. DNS and domain management (IONOS) does not process platform user data.
Questions about this list? Contact us at privacy@massimino.fitness.