Sub-processors
Last updated June 4, 2026
We engage the following categories of sub-processors to provide the Service. Each is bound by a written contract requiring confidentiality, security measures appropriate to the risk, and assistance with data-subject requests, in line with Article 28 GDPR or equivalent. Specific vendor names within technical categories may change as we evolve our infrastructure; contractual safeguards remain in force.
| Provider / category | Purpose | Data categories | Region |
|---|---|---|---|
| Stripe, Inc. | Payment processing for international subscribers (merchant of record: Smart Earners Team Inc.) | Billing identifiers, payment metadata, transaction records | United States / European Union |
| Paystack Payments Limited | Payment processing for African subscribers (merchant of record: Smart Innovation Technologies Limited) | Billing identifiers, payment metadata, transaction records | Nigeria / European Union |
| AI inference providers | Content generation (ideas, hooks, adapted posts) and trend discovery / signal aggregation | Niche profile, prompts, generated outputs (no payment or password data) | United States / European Union |
| Email delivery provider | Transactional, security and notification email delivery | Email address, message content, delivery / engagement events | United States / European Union |
| Object storage provider | Storage for user-uploaded assets (e.g. avatars) and dispute evidence mirrors | Uploaded images, dispute evidence files, file metadata | Global edge |
| Database hosting provider | Primary application database | All Service data not held by another sub-processor above | European Union / United States (region-pinned per cluster) |
| Application hosting & CDN provider | Web application hosting, serverless API delivery and edge CDN | Request metadata, IP address | Global edge |
| Web push gateways | Delivery of opt-in browser push notifications | Push endpoint URLs only | Global |
| Google LLC / Google Ireland Limited (Google Analytics 4) | Aggregate website analytics — measures site usage to improve the product. Activated only with opt-in consent in the EEA, UK and Switzerland (Consent Mode v2 default = denied in those regions); default = granted elsewhere with opt-out available at any time via the Cookie Policy page. | Pseudonymous client identifier (cookie), anonymized IP, page URLs, device/browser type, referring source | United States / European Union (EU-US Data Privacy Framework + SCCs) |
| Google LLC / Google Ireland Limited (Google Ads) | Conversion measurement and remarketing for paid ads we run on Google Search. Activated only with opt-in consent in the EEA, UK and Switzerland (Consent Mode v2 default = denied in those regions); default = granted elsewhere with opt-out available at any time via the Cookie Policy page. | Click ID (gclid), pseudonymous conversion identifier, page URL of conversion event | United States / European Union (EU-US Data Privacy Framework + SCCs) |
International transfers
Where data is transferred outside the EEA / UK / Nigeria, we rely on Standard Contractual Clauses (EU SCCs / UK IDTA) or equivalent safeguards approved by the relevant supervisory authority, complemented by technical measures including encryption in transit and at rest.
Changes to this list
We update this page when sub-processor categories change. Material additions are announced on this page at least 30 days before activation where reasonably feasible, and customers with a Data Processing Addendum in place are notified by email so they can raise objections.