A sub-processor is a third party Meta-Me uses to handle personal data on its behalf. We use the term "sub-processor" loosely to mean any third-party service that touches your data — strictly speaking some are processors and some are sub-processors, but the practical question for you is the same: which third parties see what?
Each provider below has a Data Processing Agreement (DPA) in place that we accept on sign-up (their standard terms — we don't negotiate bespoke contracts at our scale). Transfers outside the UK are covered by their published Standard Contractual Clauses or UK adequacy mechanisms.
We will give reasonable notice (via this page) before adding a new sub-processor that materially changes how your data is processed. Subscribe to changes by watching the privacy folder on GitHub if you want commit-level visibility.
Current sub-processors
| Sub-processor | Purpose | Data | Location | DPA / SCCs |
|---|---|---|---|---|
| Stripe Payments Europe Ltd | Payment processing, billing, invoicing | Name, email, billing address, card token (we never see card numbers), subscription state | Ireland (HQ) + US | DPA |
| Anthropic, PBC | AI inference (Claude) for chat, summarisation, search | Whatever content you submit to AI features (prompts + relevant context) | US | DPA (SCCs included) |
| Google LLC (Gemini API, OAuth, Workspace SMTP) | AI inference (Gemini), Google sign-in, outbound transactional email | AI: prompts + relevant context. OAuth: profile name/email/picture. SMTP: recipient address + message body for emails we send you (verification, password reset, feedback notifications). | US | DPA (SCCs included) |
| Cloudflare, Inc. | DNS, Cloudflare Tunnel reverse-proxy, email routing for [email protected] | Request IP + URL (in transit), no payload logging. DNS-only mode (not proxied). Inbound email metadata for the catch-all route. | US (global edge) | DPA (SCCs included) |
| Google Cloud Storage (off-site backup) | Encrypted nightly database snapshots | Full database, encrypted at rest with a key only we hold | EU (europe-west1) | Covered by the Google DPA above |
Infrastructure operated by us
The following are not sub-processors — they are infrastructure we run ourselves:
- Application servers (Mac mini, UK): our SvelteKit apps and the shared PostgreSQL database. Located in the UK; physical access controlled.
- Application database: PostgreSQL on the Mac mini. UK location. Nightly encrypted backups to Google Cloud Storage (listed above).
Removed / past sub-processors
None to date.
Changes
The "last updated" date at the top reflects the most recent change. Material changes will be announced via email to active users at least 14 days in advance.
Contact
Questions about a specific sub-processor or our data-sharing in general: [email protected].