Data Processors & Service Providers

Complete list of third-party services that process your data

Data Processing Transparency
In accordance with GDPR Article 28, we maintain this comprehensive list of all data processors and service providers that handle personal data on our behalf. Each processor has appropriate data protection agreements and safeguards in place.
All processors have signed DPAs
GDPR compliance verified
EU region options available

This list is regularly reviewed whenever we add or replace a provider, and we harmonize the safeguards with supervision audits. We keep it updated for transparency, even while our business domain and emails are still being finalized.

For questions about subprocessors or upcoming changes, contact privacy@pdfextractorai.com. Once the new domain and Resend-powered mailboxes are ready, the contact addresses will switch to the official support/tech/business inboxes.

🏗️
Vercel Inc.
Web hosting, serverless functions, and content delivery
infrastructure
GDPR Compliant
EU Region Available

Data Location

Global with EU edge caching (fra1, ams1 regions available)

Data Retention

Logs retained for 30 days, then deleted

Data Types Processed

IP addresses
Request logs
Performance metrics
Error logs

Data Protection Safeguards

  • Vercel Data Processing Addendum
  • Standard Contractual Clauses (SCCs)
  • SOC 2 Type II compliance
  • ISO 27001 certification
  • Data encryption in transit and at rest
🗄️
Supabase Inc.
Database hosting, user authentication, and real-time features
database
GDPR Compliant
EU Region Available

Data Location

US East (with EU region available on paid plans)

Data Retention

User-controlled, automatic cleanup available

Data Types Processed

User profiles
Usage data
Authentication tokens
Application data

Data Protection Safeguards

  • Supabase Data Processing Agreement
  • Standard Contractual Clauses (SCCs)
  • SOC 2 Type II compliance
  • Data encryption in transit and at rest
  • Regular security audits
🤖
OpenAI L.P.
AI-powered PDF document processing and data extraction
ai
GDPR Compliant

Data Location

United States (global CDN)

Data Retention

30 days maximum for API data, then deleted

Data Types Processed

PDF content
Extracted data
Processing metadata

Data Protection Safeguards

  • OpenAI Enterprise Privacy Agreement
  • Standard Contractual Clauses (SCCs)
  • SOC 2 Type II compliance
  • Zero data retention for API calls (Enterprise)
  • Data encryption in transit and at rest
🤖
Google LLC (Gemini API)
AI-powered PDF document processing and data extraction
ai
GDPR Compliant
EU Region Available

Data Location

Configurable (EU regions: europe-west1, europe-west4)

Data Retention

Configurable, immediate deletion available

Data Types Processed

PDF content
Extracted data
Processing metadata

Data Protection Safeguards

  • Google Cloud Data Processing Addendum
  • Standard Contractual Clauses (SCCs)
  • ISO 27001, SOC 2 Type II compliance
  • Data residency controls
  • Configurable retention policies
Your Rights Regarding Data Processors

What We Ensure

  • • All processors have signed comprehensive Data Processing Agreements (DPAs)
  • • Regular compliance audits and security assessments
  • • Appropriate technical and organizational measures
  • • Immediate notification of any data breaches
  • • Data deletion capabilities when required

Your Rights

  • • Right to know which processors handle your data
  • • Right to object to specific processing activities
  • • Right to request data deletion from all processors
  • • Right to receive copies of relevant DPAs upon request
  • • Right to file complaints with supervisory authorities

International Data Transfers

When your data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission. For EU users, we prioritize processors that offer EU region hosting where technically feasible.

Contact for Processor-Related Inquiries

For questions about our data processors, to request DPA copies, or to exercise your rights regarding processor activities, contact us at privacy@pdfextractorai.com.