Subprocessors
Last updated: May 2026 (P-17 GDPR Art. 8 age floor disclosure) | Version: 3.9 | Table last reviewed: 2026-05-09
How to read this list
Each row is a vendor that, under our written instructions, may process personal data described in our Privacy Policy. Columns are deliberate:
- Vendor — legal entity providing the service.
- Purpose — what the vendor is instructed to do.
- Data categories — the types of personal data the vendor receives.
- Region — where processing happens. Where this is "US" or "Varies", an Art. 46 GDPR safeguard is required — see the next column.
- Transfer mechanism — the Art. 46 safeguard relied on for transfers outside the EEA (Standard Contractual Clauses, UK adequacy, etc.).
- DPA status — whether we hold a counter-signed Data Processing Addendum or rely on the vendor's click-through DPA. Cells reflect the latest documented status; if you need a copy of a specific DPA for due diligence, email support@talkingpaper.app.
- Last reviewed — the date we last verified the row.
Current subprocessors
| Vendor | Purpose | Data categories | Region | Transfer mechanism | DPA status | Last reviewed |
|---|---|---|---|---|---|---|
| Render | Hosting (compute, Postgres, Redis) | All processed data | US | SCC + DPA | Signed | 2026-05-09 |
| OpenRouter | LLM routing | Journal text in prompts, completions | US | SCC + DPA | Click-through | 2026-05-09 |
| Per-model providers fronted by OpenRouter | LLM inference | Journal text | Varies | Per vendor | Per vendor | 2026-05-09 |
| Langfuse Cloud | LLM observability (prompt/completion capture) | Prompts, completions, metadata | EU/US | SCC + DPA | Click-through | 2026-05-09 |
| Sentry | Error monitoring | Stack traces, request metadata, IP | US | SCC + DPA | Signed | 2026-05-09 |
| Paddle | Merchant of record / payments | Billing data, IP | UK | UK adequacy + DPA | Signed | 2026-05-09 |
| Zoho Mail | Transactional email | Email recipients, content | EU | SCC + DPA | Signed | 2026-05-09 |
| Crisp | Live chat | Chat content, user metadata | EU | DPA | Click-through | 2026-05-09 |
| IPinfo | IP geolocation | IP addresses | US | SCC + DPA | Click-through | 2026-05-09 |
| hCaptcha | Anti-bot | IP, browser metadata | US | SCC + DPA | Click-through | 2026-05-09 |
| reCAPTCHA | Anti-bot | IP, browser metadata | US | SCC + DPA | Click-through | 2026-05-09 |
| Google OAuth | Authentication | Email, profile basics | US | SCC + DPA | Click-through | 2026-05-09 |
| Google Analytics | Site analytics | Cookie IDs, page views | US | SCC + DPA | Click-through | 2026-05-09 |
| Facebook Pixel | Conversion tracking | Cookie IDs, events | US | SCC + DPA | Click-through | 2026-05-09 |
| AWS | Underlying infrastructure (where applicable) | Per-tenant | Varies | Per region | Signed | 2026-05-09 |
Cells marked "Click-through" reflect a vendor-published DPA accepted electronically rather than a counter-signed bilateral document. We are migrating high-impact rows to "Signed" as part of our vendor-management programme; the internal register that tracks each pending counter-signature, ZDR enablement, and region-lock evidence is maintained at business-docs/compliance/contracts/ in the project repository. Until a row in that register flips to "Signed", the corresponding cell above continues to read "Click-through" by design.
Change notice (Art. 28(2) GDPR)
We give at least 30 days notice before adding a new subprocessor or materially changing how an existing subprocessor processes personal data. Notices are published on this page; if you have given us a billing email, you may also receive an email notice.
To object to a change before it takes effect, email support@talkingpaper.app within the 30-day window. Where an objection cannot be reconciled, you have the right to terminate the affected subscription under our Terms of Service.
To subscribe to change notices by email, send a message with the subject "Subscribe: subprocessor changes" to support@talkingpaper.app.
Notification of changes
For AI subprocessors specifically (the LLM gateway, the per-model providers fronted by it, and the LLM observability vendor — the rows above describing those services), we commit to the following user-facing notice posture in addition to the Art. 28(2) baseline above:
- Planned changes. We will notify users by email and an in-product banner at least 30 days before adding or changing a material AI subprocessor.
- Unplanned routing changes. For unplanned routing changes (e.g., emergency provider failover when an upstream AI provider is unavailable), we will notify as soon as practicable.
These commitments are operator-driven: the email + banner are issued manually by the Talking Paper team alongside the row update on this page. We do not currently run an automated change-notification mechanism; that work is tracked separately and will replace the manual process when shipped without weakening the commitment described here.
Questions or DPA requests
For a copy of a specific Data Processing Addendum, our own customer-facing DPA, or any question about this list, email support@talkingpaper.app or our Data Protection Officer at dpo@talkingpaper.app.