Subprocessors
Last updated: June 2, 2026
The following third-party companies process personal data on our behalf to deliver the NegotiateIt service. Each subprocessor has a Data Processing Agreement (DPA) in place with us.
We will update this page when we add or remove subprocessors. If you have subscribed to our service, we will notify you of material changes via email at least 30 days before a new subprocessor begins processing personal data.
Recent changes (May 2026): Plausible Analytics removed. PostHog now also powers cookieless analytics on the marketing landing page (a daily-rotating pseudonymous hash derived server-side from IP address and browser type; the raw IP address is never stored). Google Fonts removed as a runtime dependency — fonts are now served from our own infrastructure, so no IP address is transmitted to Google for typography rendering.
| Subprocessor | Purpose | Data processed | Location |
|---|---|---|---|
| Anthropic | AI model provider (Claude) for generating NPC dialogue and game decisions | Player messages, game context (per-turn, not stored by us beyond API call) | United States |
| Google (Gemini API) | Backup AI model provider for dialogue generation | Player messages, game context (when used as fallback) | United States |
| Google (OAuth) | Authentication (Google Sign-In) | Email address, display name, OAuth token | United States |
| Fly.io | Application hosting and database (Postgres) | All application data (encrypted in transit and at rest) | EU (primary region) |
| Creem | Merchant of record — payment processing, tax collection, invoicing | Email, subscription status, payment method (handled by Creem, not stored by us) | European Union |
| Resend | Transactional email (password reset, verification, notifications) | Email address, email content | United States |
| PostHog | Analytics. (1) In-app product analytics — only with explicit user consent. (2) Cookieless landing-page analytics — no cookies or client-side identifier; legitimate interest (Art. 6(1)(f) GDPR), no consent banner required (§25 TTDSG) | In-app: usage events, session recordings (opt-in only). Landing page: a daily-rotating pseudonymous hash derived server-side from IP address and browser type — raw IP address never stored | United States (PostHog, Inc.; transfers covered by SCCs + EU-U.S. Data Privacy Framework) |
| Sentry | Error monitoring and crash reporting | Device info, anonymized error context — never message content or PII | United States |
| Cloudflare | CDN, DDoS protection, DNS | IP addresses, request metadata (processed transiently) | Global (nearest edge) |
| Meta Platforms Ireland Ltd | Server-side conversion measurement (Meta Conversions API) for paid acquisition attribution — no browser tracking, no pixel | Hashed email, conversion event type, timestamp, campaign identifiers | European Union / United States |
| AppLovin Corporation | Server-side conversion measurement (AppLovin S2S) for paid acquisition attribution — no browser tracking, no SDK | Hashed email, conversion event type, timestamp, campaign identifiers | United States |
| Google Workspace | Company email hosting for legal@, support@, and privacy@negotiateit.ai inboxes | Email content and sender data received at our company inboxes | United States / European Union (Google Cloud regions) |
For questions about our subprocessors or data processing, contact privacy@negotiateit.ai.