RECENSIO LIMITED — a private company limited by shares, incorporated in Ireland Company registration number (CRO): 820098 Registered office: Unit 2, 2 Bridge Street, Athlone, Co. Westmeath, N37 F1W4, Ireland Data protection contact: support@recensio.ai
This is the original English-language version of this document. Translations are provided for convenience. In the event of any conflict or inconsistency between the English version and a translation, the English version prevails.
About this list
To provide the Recensio service, we rely on a small number of third-party service providers ("sub-processors") that process personal data on our behalf. This page lists them, the purpose for which we use each one, the personal data each receives, where it processes that data, and the safeguard that protects any transfer of personal data outside the European Economic Area (EEA).
Where we act as a data processor on behalf of our business customers (for the review content processed through the Service, as explained in our Privacy Policy), these are also the sub-processors we engage under Article 28 GDPR. We engage each sub-processor under a written data processing agreement that meets Article 28 GDPR, and each sub-processor is bound to process personal data only to provide its service to us.
Our database, application hosting, rate-limiting layer and error-monitoring ingest are all located within the European Union (Frankfurt and Germany). Some sub-processors are established in the United States or transfer personal data there; each such transfer is protected by an appropriate safeguard under Chapter V GDPR, as set out in the table below.
Current sub-processors
| Sub-processor | Purpose | Personal data processed | Processing location | Transfer safeguard |
|---|---|---|---|---|
| Supabase, Inc. (United States) | Database, authentication and file storage | All personal data stored by the Service: account data, review content and reviewer names, agency and business contact data, waitlist data (including IP address), payment identifiers | European Union (Frankfurt) | US entity; 2021 EU Standard Contractual Clauses (and UK Addendum) |
| Anthropic PBC (United States) | AI generation and analysis of review replies | Reviewer name, review text, business context, and examples of previously approved replies | United States | EU-US Data Privacy Framework and 2021 EU Standard Contractual Clauses. Data submitted via the API is not used to train Anthropic's models |
| Stripe Payments Europe, Limited (Ireland), with onward transfer to Stripe, LLC (United States) | Payment and subscription processing | Subscriber email and name, billing identifiers. Card details are handled directly by Stripe and are not stored on our servers | Ireland / United States | EU-US Data Privacy Framework (primary) and 2021 EU Standard Contractual Clauses (fallback) |
| Twilio Ireland Limited (Ireland), with onward transfer to Twilio Inc. (United States) | WhatsApp notifications to the account owner | Recipient WhatsApp number, reviewer name, review text, rating, generated reply, business name | Ireland / United States | EU-US Data Privacy Framework (primary), Binding Corporate Rules, and 2021 EU Standard Contractual Clauses |
| Google Ireland Limited (Ireland), with onward transfer to Google LLC (United States) | Google account authentication (OAuth) and access to Google Business Profile reviews on the customer's behalf | The subscriber's Google account identity and consent; Google Business Profile review data (reviewer names, ratings, review text) accessed on the customer's instruction. Access is limited to the business.manage scope | Ireland / United States | EU-US Data Privacy Framework and 2021 EU Standard Contractual Clauses |
| Resend, Inc. (United States) | Transactional email delivery | Recipient email address and name; transactional and aggregated report content; and, in the notification sent when a reply fails to publish, the name of the reviewer concerned. Does not receive review text. | United States | 2021 EU Standard Contractual Clauses |
| Upstash, Inc. (United States) | Rate-limiting (Redis) to protect the Service against abuse | IP address, used as a rate-limiting key | European Union (Frankfurt) | EU-US Data Privacy Framework and 2021 EU Standard Contractual Clauses |
| Vercel, Inc. (United States) | Application hosting and compute; cookieless web analytics | All data processed in transit and compute to run the application. Web analytics is aggregated and cookieless and shares no personal data with third parties | European Union (Frankfurt) | EU-US Data Privacy Framework and 2021 EU Standard Contractual Clauses |
| Cloudflare, Inc. (United States) | Bot protection on sign-up and login (Turnstile) | The client IP address seen by Cloudflare during the challenge, and the challenge token | United States / global | EU-US Data Privacy Framework and 2021 EU Standard Contractual Clauses |
| Functional Software, Inc. d/b/a Sentry (United States) | Application error monitoring | Technical error identifiers and error messages. On a database error, a column value (for example a phone number) may incidentally appear in an error report; we do not send review text or reviewer names to Sentry | European Union (Germany) and United States | EU-US Data Privacy Framework and 2021 EU Standard Contractual Clauses |
Supabase, Inc. (United States)
- Purpose
- Database, authentication and file storage
- Personal data processed
- All personal data stored by the Service: account data, review content and reviewer names, agency and business contact data, waitlist data (including IP address), payment identifiers
- Processing location
- European Union (Frankfurt)
- Transfer safeguard
- US entity; 2021 EU Standard Contractual Clauses (and UK Addendum)
Anthropic PBC (United States)
- Purpose
- AI generation and analysis of review replies
- Personal data processed
- Reviewer name, review text, business context, and examples of previously approved replies
- Processing location
- United States
- Transfer safeguard
- EU-US Data Privacy Framework and 2021 EU Standard Contractual Clauses. Data submitted via the API is not used to train Anthropic's models
Stripe Payments Europe, Limited (Ireland), with onward transfer to Stripe, LLC (United States)
- Purpose
- Payment and subscription processing
- Personal data processed
- Subscriber email and name, billing identifiers. Card details are handled directly by Stripe and are not stored on our servers
- Processing location
- Ireland / United States
- Transfer safeguard
- EU-US Data Privacy Framework (primary) and 2021 EU Standard Contractual Clauses (fallback)
Twilio Ireland Limited (Ireland), with onward transfer to Twilio Inc. (United States)
- Purpose
- WhatsApp notifications to the account owner
- Personal data processed
- Recipient WhatsApp number, reviewer name, review text, rating, generated reply, business name
- Processing location
- Ireland / United States
- Transfer safeguard
- EU-US Data Privacy Framework (primary), Binding Corporate Rules, and 2021 EU Standard Contractual Clauses
Google Ireland Limited (Ireland), with onward transfer to Google LLC (United States)
- Purpose
- Google account authentication (OAuth) and access to Google Business Profile reviews on the customer's behalf
- Personal data processed
- The subscriber's Google account identity and consent; Google Business Profile review data (reviewer names, ratings, review text) accessed on the customer's instruction. Access is limited to the business.manage scope
- Processing location
- Ireland / United States
- Transfer safeguard
- EU-US Data Privacy Framework and 2021 EU Standard Contractual Clauses
Resend, Inc. (United States)
- Purpose
- Transactional email delivery
- Personal data processed
- Recipient email address and name; transactional and aggregated report content; and, in the notification sent when a reply fails to publish, the name of the reviewer concerned. Does not receive review text.
- Processing location
- United States
- Transfer safeguard
- 2021 EU Standard Contractual Clauses
Upstash, Inc. (United States)
- Purpose
- Rate-limiting (Redis) to protect the Service against abuse
- Personal data processed
- IP address, used as a rate-limiting key
- Processing location
- European Union (Frankfurt)
- Transfer safeguard
- EU-US Data Privacy Framework and 2021 EU Standard Contractual Clauses
Vercel, Inc. (United States)
- Purpose
- Application hosting and compute; cookieless web analytics
- Personal data processed
- All data processed in transit and compute to run the application. Web analytics is aggregated and cookieless and shares no personal data with third parties
- Processing location
- European Union (Frankfurt)
- Transfer safeguard
- EU-US Data Privacy Framework and 2021 EU Standard Contractual Clauses
Cloudflare, Inc. (United States)
- Purpose
- Bot protection on sign-up and login (Turnstile)
- Personal data processed
- The client IP address seen by Cloudflare during the challenge, and the challenge token
- Processing location
- United States / global
- Transfer safeguard
- EU-US Data Privacy Framework and 2021 EU Standard Contractual Clauses
Functional Software, Inc. d/b/a Sentry (United States)
- Purpose
- Application error monitoring
- Personal data processed
- Technical error identifiers and error messages. On a database error, a column value (for example a phone number) may incidentally appear in an error report; we do not send review text or reviewer names to Sentry
- Processing location
- European Union (Germany) and United States
- Transfer safeguard
- EU-US Data Privacy Framework and 2021 EU Standard Contractual Clauses
Changes to this list
We may add or replace sub-processors as the Service evolves. When we make a material change, we will update this page and take reasonable steps to inform customers with whom we have a direct relationship. Where we act as a processor for a business customer, that customer may object to a new sub-processor on reasonable data protection grounds by contacting us at support@recensio.ai within 30 days of the change; we will work in good faith to address any such objection.
Contact
RECENSIO LIMITED Unit 2, 2 Bridge Street, Athlone, Co. Westmeath, N37 F1W4, Ireland Company registration number (CRO): 820098 Email: support@recensio.ai