Subprocessors
Last Updated: April 20, 2026
A subprocessor is any third-party vendor that processes personal information on behalf of LVRS FRVR. We use a small, deliberate set of trusted subprocessors to run our service.
Every subprocessor below has been reviewed for security, privacy, and reliability. Each one is bound by a Data Processing Addendum (DPA) or equivalent terms that require them to safeguard your data.
We will notify customers of material changes to this list at least 30 days before a new subprocessor begins processing personal information. Customers on enterprise plans may object to a new subprocessor in writing within that window.
Current Subprocessors
| Vendor | Purpose | Data Shared | Region | Certifications | DPA |
|---|---|---|---|---|---|
| Convex | Primary database and backend runtime | Account data, partner links, completions, journals, pulse responses, consent records | United States | SOC 2 Type II | Standard Terms |
| Vercel, Inc. | Website and application hosting, edge network, analytics | Server logs, IP addresses, technical usage data | United States (global edge) | SOC 2 Type II, ISO 27001, HIPAA-capable | Standard Terms |
| Stripe, Inc. | Payment processing, subscription management, tax | Payment method, billing address, Stripe customer ID, transaction records | United States | PCI-DSS Level 1, SOC 1, SOC 2, ISO 27001 | Standard Terms |
| Resend, Inc. | Transactional and marketing email delivery | Email address, first name, email content, open and click events | United States | SOC 2 Type II | Standard Terms |
| Twilio, Inc. | SMS notification delivery | Phone number, SMS content, delivery status | United States | SOC 2 Type II, ISO 27001, HIPAA-capable | Standard Terms |
| Google Analytics 4 | Web analytics (consent-gated, respects Global Privacy Control) | Anonymized usage events, page views, referrer, device category | United States | SOC 2 Type II, ISO 27001, ISO 27017, ISO 27018 | Standard Terms |
| Meta Platforms, Inc. (Meta Pixel) | Ad attribution and conversion tracking (consent-gated) | Page views, conversion events, hashed email for ad matching (opt-in only) | United States | ISO 27001, ISO 27701 | Standard Terms |
| Cloudflare, Inc. | R2 object storage, CDN, DDoS protection | Uploaded images (if any), cached static assets | Global (edge) | SOC 2 Type II, ISO 27001, HIPAA-capable | Standard Terms |
| Google LLC (OAuth + Workspace) | Google Sign-In, Workspace email infrastructure for staff | OAuth tokens, Google account email, name | United States | SOC 2, SOC 3, ISO 27001, ISO 27017, ISO 27018 | Standard Terms |
| Apple Inc. (Sign in with Apple) | Apple OAuth authentication | Apple relay email or real email (user choice), first use token | United States | Apple privacy commitments | Standard Terms |
| Anthropic, PBC | AI-assisted content generation and support workflows (internal staff tools) | No customer journal content. Anonymized aggregate prompts only. | United States | SOC 2 Type II | Standard Terms |
International Data Transfers
LVRS FRVR operates from the United States. When a subprocessor is based outside the U.S. or transfers data across borders, we rely on Standard Contractual Clauses (SCCs), the UK International Data Transfer Addendum, or equivalent approved transfer mechanisms.
Users in the European Economic Area, United Kingdom, and Switzerland can request the specific transfer mechanism in place for any subprocessor by emailing privacy@lvrsfrvr.com.
Changelog
April 20, 2026
Initial publication of subprocessor list. Inventory extracted from privacy policy into standalone, dated page.
Notification and Objection
Enterprise customers, academic research partners, and health-data licensees may subscribe to subprocessor change alerts by emailing privacy@lvrsfrvr.com with the subject line "Subprocessor Alerts."
Consumers can re-check this page at any time. The "Last Updated" date reflects the most recent change.
Contact
Questions about our subprocessors or DPA status: privacy@lvrsfrvr.com