Sub-processor List

Last updated: July 13, 2026

RECENSIO LIMITED — a private company limited by shares, incorporated in Ireland Company registration number (CRO): 820098 Registered office: Unit 2, 2 Bridge Street, Athlone, Co. Westmeath, N37 F1W4, Ireland Data protection contact: support@recensio.ai

This is the original English-language version of this document. Translations are provided for convenience. In the event of any conflict or inconsistency between the English version and a translation, the English version prevails.


About this list

To provide the Recensio service, we rely on a small number of third-party service providers ("sub-processors") that process personal data on our behalf. This page lists them, the purpose for which we use each one, the personal data each receives, where it processes that data, and the safeguard that protects any transfer of personal data outside the European Economic Area (EEA).

Where we act as a data processor on behalf of our business customers (for the review content processed through the Service, as explained in our Privacy Policy), these are also the sub-processors we engage under Article 28 GDPR. We engage each sub-processor under a written data processing agreement that meets Article 28 GDPR, and each sub-processor is bound to process personal data only to provide its service to us.

Our database, application hosting, rate-limiting layer and error-monitoring ingest are all located within the European Union (Frankfurt and Germany). Some sub-processors are established in the United States or transfer personal data there; each such transfer is protected by an appropriate safeguard under Chapter V GDPR, as set out in the table below.


Current sub-processors

Supabase, Inc. (United States)

Purpose
Database, authentication and file storage
Personal data processed
All personal data stored by the Service: account data, review content and reviewer names, agency and business contact data, waitlist data (including IP address), payment identifiers
Processing location
European Union (Frankfurt)
Transfer safeguard
US entity; 2021 EU Standard Contractual Clauses (and UK Addendum)

Anthropic PBC (United States)

Purpose
AI generation and analysis of review replies
Personal data processed
Reviewer name, review text, business context, and examples of previously approved replies
Processing location
United States
Transfer safeguard
EU-US Data Privacy Framework and 2021 EU Standard Contractual Clauses. Data submitted via the API is not used to train Anthropic's models

Stripe Payments Europe, Limited (Ireland), with onward transfer to Stripe, LLC (United States)

Purpose
Payment and subscription processing
Personal data processed
Subscriber email and name, billing identifiers. Card details are handled directly by Stripe and are not stored on our servers
Processing location
Ireland / United States
Transfer safeguard
EU-US Data Privacy Framework (primary) and 2021 EU Standard Contractual Clauses (fallback)

Twilio Ireland Limited (Ireland), with onward transfer to Twilio Inc. (United States)

Purpose
WhatsApp notifications to the account owner
Personal data processed
Recipient WhatsApp number, reviewer name, review text, rating, generated reply, business name
Processing location
Ireland / United States
Transfer safeguard
EU-US Data Privacy Framework (primary), Binding Corporate Rules, and 2021 EU Standard Contractual Clauses

Google Ireland Limited (Ireland), with onward transfer to Google LLC (United States)

Purpose
Google account authentication (OAuth) and access to Google Business Profile reviews on the customer's behalf
Personal data processed
The subscriber's Google account identity and consent; Google Business Profile review data (reviewer names, ratings, review text) accessed on the customer's instruction. Access is limited to the business.manage scope
Processing location
Ireland / United States
Transfer safeguard
EU-US Data Privacy Framework and 2021 EU Standard Contractual Clauses

Resend, Inc. (United States)

Purpose
Transactional email delivery
Personal data processed
Recipient email address and name; transactional and aggregated report content; and, in the notification sent when a reply fails to publish, the name of the reviewer concerned. Does not receive review text.
Processing location
United States
Transfer safeguard
2021 EU Standard Contractual Clauses

Upstash, Inc. (United States)

Purpose
Rate-limiting (Redis) to protect the Service against abuse
Personal data processed
IP address, used as a rate-limiting key
Processing location
European Union (Frankfurt)
Transfer safeguard
EU-US Data Privacy Framework and 2021 EU Standard Contractual Clauses

Vercel, Inc. (United States)

Purpose
Application hosting and compute; cookieless web analytics
Personal data processed
All data processed in transit and compute to run the application. Web analytics is aggregated and cookieless and shares no personal data with third parties
Processing location
European Union (Frankfurt)
Transfer safeguard
EU-US Data Privacy Framework and 2021 EU Standard Contractual Clauses

Cloudflare, Inc. (United States)

Purpose
Bot protection on sign-up and login (Turnstile)
Personal data processed
The client IP address seen by Cloudflare during the challenge, and the challenge token
Processing location
United States / global
Transfer safeguard
EU-US Data Privacy Framework and 2021 EU Standard Contractual Clauses

Functional Software, Inc. d/b/a Sentry (United States)

Purpose
Application error monitoring
Personal data processed
Technical error identifiers and error messages. On a database error, a column value (for example a phone number) may incidentally appear in an error report; we do not send review text or reviewer names to Sentry
Processing location
European Union (Germany) and United States
Transfer safeguard
EU-US Data Privacy Framework and 2021 EU Standard Contractual Clauses

Changes to this list

We may add or replace sub-processors as the Service evolves. When we make a material change, we will update this page and take reasonable steps to inform customers with whom we have a direct relationship. Where we act as a processor for a business customer, that customer may object to a new sub-processor on reasonable data protection grounds by contacting us at support@recensio.ai within 30 days of the change; we will work in good faith to address any such objection.


Contact

RECENSIO LIMITED Unit 2, 2 Bridge Street, Athlone, Co. Westmeath, N37 F1W4, Ireland Company registration number (CRO): 820098 Email: support@recensio.ai