← Legal hub
Privacy & data
Subprocessors & Vendors
Last updated: July 2026
Draft — pending legal review. This page sets out our intended approach and is published for planning and product-development purposes. It is not yet a final, legally reviewed policy and should not be relied on as one.
1. Purpose
This page lists the categories of third-party providers who may process personal or health information on our behalf, so it’s clear who else touches your data and why.
2. Current subprocessors
- Cloudflare: Hosting, CDN and edge network for the platform.
- Supabase: Database, authentication, and file storage.
- Stripe: Payment processing for session charges and membership fees.
- Resend: Transactional email (booking confirmations, reminders, receipts).
3. Vendor obligations
Each vendor is engaged under terms that require appropriate security and confidentiality protections for any personal or health information they process on our behalf.
4. Changes to this list
We’ll update this page when we add or remove a subprocessor that handles personal or clinical data.