Legal
Sub-Processors
Last updated April 2026
To provide the Particle service, we engage a small number of trusted third-party companies (sub-processors) who process personal data on our behalf. This page lists all current sub-processors, the data they handle, and the legal safeguards in place for any international transfers.
01
Current Sub-Processors
All sub-processors are bound by a Data Processing Agreement (DPA) pursuant to Art. 28 GDPR. They are authorized to process personal data only as instructed and for the specific purposes described below.
Clerk, Inc.
Purpose
Authentication and user identity management. Handles sign-up, sign-in, session management, and user profile data.
Data Categories
Email address, name, profile picture, authentication tokens, session data
Location
United States
Transfer Safeguard
Standard Contractual Clauses (SCCs)
Purpose
Authentication and user identity management. Handles sign-up, sign-in, session management, and user profile data.
Data Categories
Email address, name, profile picture, authentication tokens, session data
Location
United States
Transfer Safeguard
Standard Contractual Clauses (SCCs)
Supabase, Inc.
Purpose
Primary database and cloud synchronization. Stores all user-generated content including sessions, tasks, projects, and preferences.
Data Categories
All user data: focus sessions, tasks, projects, intentions, preferences, AI coach history
Location
EU — Frankfurt, Germany (AWS eu-central-1)
Transfer Safeguard
EU hosting — no transfer outside EEA
Purpose
Primary database and cloud synchronization. Stores all user-generated content including sessions, tasks, projects, and preferences.
Data Categories
All user data: focus sessions, tasks, projects, intentions, preferences, AI coach history
Location
EU — Frankfurt, Germany (AWS eu-central-1)
Transfer Safeguard
EU hosting — no transfer outside EEA
Stripe, Inc.
Purpose
Payment processing and subscription management. Handles billing, invoicing, and subscription lifecycle.
Data Categories
Billing name, email, payment method metadata (card last 4 digits, expiry), billing address, transaction history
Location
United States
Transfer Safeguard
EU-U.S. Data Privacy Framework + Standard Contractual Clauses (SCCs)
Purpose
Payment processing and subscription management. Handles billing, invoicing, and subscription lifecycle.
Data Categories
Billing name, email, payment method metadata (card last 4 digits, expiry), billing address, transaction history
Location
United States
Transfer Safeguard
EU-U.S. Data Privacy Framework + Standard Contractual Clauses (SCCs)
OpenRouter, Inc.
Purpose
AI model routing for the AI Coach feature. Routes requests to the appropriate AI model provider (Anthropic or Google).
Data Categories
AI Coach conversation messages, session context metadata
Location
United States
Transfer Safeguard
Standard Contractual Clauses (SCCs)
Purpose
AI model routing for the AI Coach feature. Routes requests to the appropriate AI model provider (Anthropic or Google).
Data Categories
AI Coach conversation messages, session context metadata
Location
United States
Transfer Safeguard
Standard Contractual Clauses (SCCs)
Anthropic, PBC
Purpose
AI language model (Claude) used by the AI Coach feature, accessed via OpenRouter.
Data Categories
AI Coach conversation messages sent to the model for response generation
Location
United States
Transfer Safeguard
Standard Contractual Clauses (SCCs)
Purpose
AI language model (Claude) used by the AI Coach feature, accessed via OpenRouter.
Data Categories
AI Coach conversation messages sent to the model for response generation
Location
United States
Transfer Safeguard
Standard Contractual Clauses (SCCs)
Google LLC
Purpose
AI language model (Gemini) used by the AI Coach feature, accessed via OpenRouter.
Data Categories
AI Coach conversation messages sent to the model for response generation
Location
United States
Transfer Safeguard
EU-U.S. Data Privacy Framework + Standard Contractual Clauses (SCCs)
Purpose
AI language model (Gemini) used by the AI Coach feature, accessed via OpenRouter.
Data Categories
AI Coach conversation messages sent to the model for response generation
Location
United States
Transfer Safeguard
EU-U.S. Data Privacy Framework + Standard Contractual Clauses (SCCs)
Vercel, Inc.
Purpose
Application hosting, content delivery network (CDN), and serverless function infrastructure.
Data Categories
IP addresses, request logs, User-Agent strings (standard web server logs, retained briefly)
Location
Global edge network — primary processing in United States
Transfer Safeguard
Standard Contractual Clauses (SCCs)
Purpose
Application hosting, content delivery network (CDN), and serverless function infrastructure.
Data Categories
IP addresses, request logs, User-Agent strings (standard web server logs, retained briefly)
Location
Global edge network — primary processing in United States
Transfer Safeguard
Standard Contractual Clauses (SCCs)
02
AI Data Processing
When you use the AI Coach feature, your conversation messages are routed through OpenRouter to one of our AI model providers (Anthropic Claude or Google Gemini). The routing is handled automatically based on availability and performance.
We have confirmed with our AI providers that:
Your conversation data is not used to train their models
Data is processed solely to generate the response to your query
Data is not retained beyond what is required to fulfill the request
All processing is covered by the DPAs and transfer mechanisms listed above
You can disable AI features at any time in Settings, which will prevent any data from being sent to AI providers.
03
Changes to Sub-Processors
We will notify customers of any new sub-processors or significant changes to existing ones by updating this page and, for material changes, via email or in-app notification. The “last updated” date at the top of this page reflects the most recent revision.
For questions or objections regarding our use of sub-processors, contact us at privacy@particle.day.