Subprocessors

Third-party processors engaged by to.it.com to deliver the Service, for GDPR Article 28 transparency.

We use the following subprocessors to host the Service, process payments, send email, run AI analysis, and provide optional analytics or support tools. Each processor is engaged under contractual data protection terms appropriate to their role.

Processor	Purpose	Data categories	Location	Transfers
Scaleway SAS Hosting and infrastructure	Application hosting, databases, object storage	Account data, Project data, Technical logs	France / European Union	EU processing
Stripe, Inc. Payments	Subscription billing and payment processing	Billing identity, Payment metadata	EU and United States	Standard Contractual Clauses / EU-U.S. Data Privacy Framework
Amazon Web Services (SES) Transactional email	Account verification, notifications, support email	Email address, Message content	United States	Standard Contractual Clauses
OpenAI, L.L.C. Large language model inference	Idea generation, scoring, battles, report drafting	Domain names, Generated text, Project context	United States	Standard Contractual Clauses / EU-U.S. Data Privacy Framework
Cloudflare, Inc. CDN, security, Turnstile	DDoS protection, bot mitigation, edge delivery	IP address, Request metadata	Global edge network	Standard Contractual Clauses
Functional Software, Inc. (Sentry) Error monitoring	Application diagnostics (consent-gated on web)	Technical logs, Session metadata	United States	Standard Contractual Clauses
Crisp IM SARL Support chat	Customer support (consent-gated)	Account email, Chat messages	France / United States	Standard Contractual Clauses
Google LLC Analytics and advertising tags	Optional analytics/ads measurement (consent-gated)	Usage events, Device identifiers	United States	Standard Contractual Clauses / EU-U.S. Data Privacy Framework

Last updated: May 31st, 2026. We will update this list when subprocessors change materially.