Subprocessors
Last updated: 2026-05-31
Zenya AI engages the following third-party services to operate the Service. Each acts as a data processor under EU GDPR. Personal data is shared only to the extent necessary, governed by a Data Processing Agreement (DPA) where applicable, and protected with appropriate transfer safeguards.
| Provider | Role | Data shared | Location | Safeguard | Privacy |
|---|---|---|---|---|---|
| Supabase | Database, authentication, file storage | User account data, generated themes, scrape history, subscription records | Ireland (EU) | EU-hosted; SCCs in DPA | link |
| Vercel | Hosting, edge CDN, deployment | All HTTP traffic, request logs, deployment metadata | USA (with EU edge) | EU-U.S. Data Privacy Framework + SCCs | link |
| Stripe | Payment processing, subscription billing, customer portal | Name, email, billing address, payment-method details (card via Stripe, not us), transaction history | USA / Ireland (EU subsidiary) | EU-U.S. Data Privacy Framework + SCCs | link |
| OpenAI | Large-language-model generation of theme content | The business brief you submit (no account identifiers attached) | USA | API data not used for training (per OpenAI API ToS) + SCCs | link |
| ScraperAPI | Product-page scraping (only when direct fetch fails) | The product URL you submit | USA | SCCs | link |
| Shopify | OAuth + product/theme APIs (only if you connect a store) | Shop domain, shop owner email, product data, theme data | Canada (adequacy decision under GDPR Art. 45) | EU-Canada Adequacy Decision | link |
Changes
We notify customers of new subprocessors by updating this page at least 15 days before they begin processing personal data, allowing time to object via zenyaai@outlook.com.