← back to Privacy Policy
Subprocessors
Last reviewed: 21 April 2026
Under GDPR Art. 28 we are required to tell you who we share user data with and why. This is the authoritative list. If you want the Data Processing Agreement with any specific subprocessor, email hey@startdoin.com.
Currently using
| Name | Purpose | Region |
|---|---|---|
| Supabase | Postgres database, authentication, private photo storage, Edge Functions. | EU-West Ireland |
| Cloudflare | CDN, DDoS protection, Pages hosting for our web app. | Global edge (automatic routing); data in transit only. |
| OneSignal | Mobile push notifications. Used only when a user opts in. | US / global. Only the minimum identifier needed to address a device. |
Planned (not yet integrated)
Listed here for transparency. No user data is shared with these providers today. We will update this page and email account holders before activating any of them.
| Name | Purpose | Region |
|---|---|---|
| Stripe | Web payment processing. Will be activated when we launch paid tiers. | Ireland / US (PCI-DSS processor). |
| RevenueCat | Mobile in-app purchase management. Will be activated when paid tiers launch. | US. |
What we are NOT using
- No analytics (Mixpanel, PostHog, Google Analytics).
- No crash reporting (Sentry, Bugsnag, Crashlytics).
- No advertising networks.
- No third-party tracking cookies.
If we add any of these in the future, they will appear in the "Currently using" table above first and we will notify account holders by email before activation.
Changes to this page
Every addition or removal is a material change to our processing. Account holders are notified by email. This page's git history is the audit log.
Questions? hey@startdoin.com