Proyecta ("we," "us," or "our") engages the following third-party service providers ("subprocessors") to process personal data on our behalf in connection with providing the Services. This list supplements our Privacy Policy and Terms of Service.
1. Updates to This List
We may update this list from time to time as our infrastructure changes. We will notify affected customers at least 30 days before a new subprocessor begins processing their personal data, by updating this page (and its "Last updated" date) and notifying account contacts by email. You may object on reasonable data-protection grounds by contacting privacy@proyecta.dev. Customers with active enterprise agreements also receive notice as specified in their Data Processing Addendum.
If you have concerns about a particular subprocessor, contact privacy@proyecta.dev and we will work with you in good faith to address them.
2. Hosting and Infrastructure
| Subprocessor | Purpose | Data Processed | Location |
|---|---|---|---|
| Google LLC (Google Cloud Platform) | Cloud hosting, storage, compute, managed databases (including Memorystore for Redis), Vertex AI image generation | All customer Content, account data, runtime environments | United States |
| Cloudflare, Inc. | DNS resolution and TLS certificate validation; edge content delivery, caching, and DDoS protection for user-published apps (*.proyecta.live) and Cloudflare Workers | Request metadata, IP addresses, headers | Global edge network |
| Convex, Inc. | Backend-as-a-service for customer-built applications (auto-provisioned per prototype) | Customer application data created within Proyecta-built apps | United States |
3. AI and Machine Learning
| Subprocessor | Purpose | Data Processed | Location |
|---|---|---|---|
| Anthropic, PBC | Large language model inference (Claude) | Prompts, code, conversation context, file contents | United States |
| OpenAI OpCo, LLC (a subsidiary of OpenAI Group PBC) | Image generation for AI image features (not used for text/code inference) | Image-generation prompts | United States |
| Google LLC (Gemini API, Vertex AI) | Language model inference, image generation (Imagen) | Prompts, code, image-generation requests | United States |
| AlphaAI Technologies Inc. (d/b/a Tavily) | Website content extraction for business-context ingestion, and real-time web search during AI agent runs | URLs submitted by customers and the resulting scraped content; free-text search queries generated by AI agents | United States |
4. Communications and Customer Support
| Subprocessor | Purpose | Data Processed | Location |
|---|---|---|---|
| SendGrid, Inc. (a Twilio company) | Transactional email delivery (welcome, password reset, invitations, notifications) | Recipient name, email address, message content | United States |
| J2 Martech Corp. (d/b/a Kickbox) | Email address validation at signup | Email addresses submitted during account registration | United States |
| Intercom, Inc. | In-app messaging and customer support | Customer name, email address, support conversations, attachments, IP address | United States |
5. Analytics and Monitoring
| Subprocessor | Purpose | Data Processed | Location |
|---|---|---|---|
| PostHog, Inc. | Product analytics and session replay | User identifiers, behavioral events, session recordings, IP addresses | European Union |
| Functional Software, Inc. (Sentry) | Application error monitoring | Stack traces, user identifiers, IP addresses, request payloads when an error occurs | United States |
6. Payments and Billing
| Subprocessor | Purpose | Data Processed | Location |
|---|---|---|---|
| Sold Through Link, LLC (operating as Lemon Squeezy) | Merchant of record — payment processing, billing, tax collection and remittance, chargebacks | Customer name, billing address, email, payment instrument metadata (Lemon Squeezy does not share full card numbers with us), country, tax identifiers | United States |
7. EU Privacy Compliance Representative
The following provider acts as our appointed legal representative for handling data-subject requests and authority communications from the European Union. The associated data-subject request (DSR) intake portal and data-breach notification tool are operated by iuro Rechtsanwälte GmbH t/a Prighter as a processor on our behalf. See Section 10 of our Privacy Policy for the appointment context.
| Subprocessor | Purpose | Data Processed | Location |
|---|---|---|---|
| iuro Rechtsanwälte GmbH t/a Prighter | EU GDPR Art. 27 representative; DSR intake portal; data-breach notification tool | Name, contact details, identifiers, and content of requests from data subjects (technical processing in Germany via Hetzner Online GmbH) | Vienna, Austria (EU) |
8. Integrations You Authorize
When you connect a third-party service to your account (such as GitHub, Slack, Notion, Linear, or Figma), we receive the data scopes you authorize. These services act as independent controllers of the data within their own systems and are governed by their own terms and privacy policies — they are not subprocessors of Proyecta. We integrate with:
- GitHub, Inc. (source repositories, pull requests, CI metadata)
- Slack Technologies, LLC (bot integration where you install our app)
- Notion Labs, Inc.
- Linear Orbit, Inc.
- Figma, Inc.
- Atlassian Pty Ltd (where applicable)
You may revoke access to any of these integrations at any time through the respective service's settings.
9. Contact
Questions about this list or our use of subprocessors:
- Privacy: privacy@proyecta.dev
- Legal: legal@proyecta.dev
