Sub-Processors
Last updated: March 10, 2026
Amelia Vibe uses the following third-party sub-processors to deliver our Services. We notify existing customers by email at least 30 days before adding a new sub-processor. This page is provided for transparency and to support our obligations under GDPR Article 28.
Infrastructure & Data Storage
| Sub-Processor | Purpose | Data Processed | Location |
|---|---|---|---|
| Supabase, Inc. | Managed PostgreSQL database, authentication, file storage | Account data, OAuth tokens, user content, integration data | United States (AWS us-east-1) |
| Vercel, Inc. | Application hosting, edge functions, CDN | HTTP request data, session cookies, server-side logs | United States (global edge) |
| Upstash, Inc. | Serverless Redis (rate limiting) | Rate limit counters (no PII) | United States (AWS us-east-1) |
Analytics & Monitoring
| Sub-Processor | Purpose | Data Processed | Location |
|---|---|---|---|
| PostHog, Inc. | Product analytics, feature flags, session insights | Anonymised usage events, page views, device/browser info, user ID | United States (US Cloud) |
| Functional Software, Inc. (Sentry) | Error monitoring, performance tracing | Error stack traces, request metadata, browser/OS info, user ID for issue correlation | United States |
AI & Content Generation
| Sub-Processor | Purpose | Data Processed | Location |
|---|---|---|---|
| Anthropic, PBC | Primary AI model for post generation, alignment scoring, style analysis | User-provided prompts, content pillars, style guide, file contents (when user requests drafts). Inputs retained up to 30 days for abuse/safety monitoring only; not used for model training. | United States |
| OpenAI, Inc. | Legacy chat assistant, content moderation | User-provided prompts, draft content for moderation checks. Inputs not used for model training (API data use policy). | United States |
Payments
| Sub-Processor | Purpose | Data Processed | Location |
|---|---|---|---|
| Stripe, Inc. | Payment processing, subscription management, invoicing | Name, email, payment method details, billing address, transaction history | United States |
Third-Party Platform APIs
The following platforms are accessed on your behalf when you connect an integration. Data is sent to these platforms only to perform actions you have authorised.
| Platform | Purpose | Data Processed | Location |
|---|---|---|---|
| LinkedIn (Microsoft Corp.) | Publish posts, retrieve analytics | OAuth tokens, post content, analytics metrics | United States |
| X Corp. | Receive DM content, read bookmarks | OAuth tokens, DM messages, bookmark data | United States |
| Google LLC | Google Sign-In, Google Drive file sync | OAuth tokens, email, Drive file names/metadata/contents from selected folder | United States |
| Microsoft Corp. | OneDrive file sync | OAuth tokens, email, OneDrive file names/metadata/contents from selected folder | United States |
Data Processing Agreement
If you require a Data Processing Agreement (DPA) for your organisation, please contact us at amelia@ameliavibe.com. We will provide a signed DPA that covers all sub-processors listed on this page.
Changes to This List
We will update this page whenever we add or remove a sub-processor. If you have subscribed to sub-processor change notifications (via your account settings or by emailing us), we will notify you at least 30 days before a new sub-processor begins processing personal data.
Contact
Questions about our sub-processors? Contact us at amelia@ameliavibe.com
Amelia Vibe, LLC
777 Brickell Ave, Suite 500 PMB 1083
Miami, FL 33131, United States